Problem with a variable in PHP: why is the variable lost after posting?
When the page loads I set a variable that stores a 'GET' value, like so:
$currentItemID = htmlspecialchars($_GET["id"]);
That's all.
Then I load the $currentItemID value into a form so that the user can update the values.
Still fine.
But as soon as the user submits the form, the $currentItemID value is lost.
This means that when I try to update the database WHERE id = $currentItemID, the ID is gone and it doesn't know which item to update. Even stranger is the fact that the SQL actually executes with the ID value.
Here is a cut-down version of the code:
<?php
//set current item ID
$currentItemID = htmlspecialchars($_GET["id"]);
echo"at start = $currentItemID";
// Setup defaults.
$error = 0; //input errors
$up_error = 0; //title and description error counter - used to only show error message once.
$clean = array();
$clean_name = "";
$clean_description = "";
$clean_price = "";
$clean_pic = "";
$clean_status = "";
$clean_quantity = "";
//if all input is valid then...
if (isset($_POST['add']))
{
echo"inside post = $currentItemID";
//clear error message
$errmsg = '';
// validate 'name': must consist of alphanumeric characters only.
$_POST['name'] = isset($_POST['name']) ? $_POST['name'] : '';
if(preg_match('/^[a-z\d\w\s+,._-]{1,20}$/i',$_POST['name']))
{$clean_name = $_POST['name'];}
else
{$error++;$errmsg .= 'Invalid name. ';}
//validate 'description': must consist of alphabet characters, numbers white space character or , . _ and -
$_POST['description'] = isset($_POST['description']) ? $_POST['description'] : '';
//thought i'ld add another ten characters to allow a bit more text.
if(preg_match('/^[a-z\d\w\s,.]{1,90}$/i',$_POST['description']))
{$clean_description = $_POST['description'];}
else{$error++; $errmsg .= 'Invalid description. ';}
// validate 'price': must be number - with or without 2 decimal places.
$_POST['price'] = isset($_POST['price']) ? $_POST['price'] : '';
if(preg_match('/^\d+(\.\d{2})?$/',$_POST['price']))
{$clean_price = $_POST['price'];}
else
{$error++; $errmsg .= 'Invalid price. ';}
// validate 'pic': must consist of alphanumeric characters only.
//$_POST['pic'] = isset($_POST['pic']) ? $_POST['pic'] : '';
//if(preg_match('/\.(jpg|gif|jpeg)$/i',$_POST['pic']))
//{$clean_price = $_POST['pic'];}
//else
//{$error++; $errmsg .= 'Invalid pic. ';}
// validate 'quantity': must consist of numbers only.
//$_POST['pic'] = isset($_POST['pic']) ? $_POST['pic'] : '';
//if(preg_match('/\.(jpg|gif|jpeg)$/i',$_POST['pic']))
//{
$clean_quantity = $_POST['quantity'];
//}
//else
//{$error++; $errmsg .= 'Invalid pic. ';}
// validate 'status': must be one of the drop down options.
$_POST['status'] = isset($_POST['status']) ? $_POST['status'] : '';
if($_POST['status']=='available'||$_POST['status']=='unavailable'||$_POST['status']=='ebay'||$_POST['status']=='new')
{$clean_status = $_POST['status'];}
else
{$error++; $errmsg .= 'Invalid status. ';}
// validate 'catagory': must be one of the drop down options.
/*
$_POST['catagory'] = isset($_POST['catagory']) ? $_POST['catagory'] : '';
if($_POST['catagory']=='cd'||$_POST['catagory']=='tshirt')
{$clean_status = $_POST['catagory'];}
else
{$error++; $errmsg .= 'Invalid catagory. ';}*/
}
if (isset($_POST['add']) && ($error==0))
{
// open connection ($host, $user, $pass and $db are assumed to be set in a part of the script not shown here)
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// create query
$query = "UPDATE paulyout_pauly.products
SET
name='$clean_name', description='$clean_description',
price='$clean_price', status='$clean_status', quantity='$clean_quantity'
WHERE id='$currentItemID';";
// execute query
mysql_query($query) or die ("Error in query: $query.".mysql_error());
// close connection
mysql_close($connection);
echo"<p>Item successfully updated.</p><p><a href=\"../\">Back to Control Panel</a>.</p>";
echo(htmlspecialchars($_GET["id"]));
echo"what is going on";
echo"currentItemID = $currentItemID";
echo"$currentItemID";
}
else //output error messages
{if ($error>0) {echo "<p><strong>There were errors in your submission:</strong> $errmsg</p>\n";}
///////////////////get existing item details:
// open connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// create query
$query = "SELECT id, name, description, price, pic, status, quantity FROM products where id = '$currentItemID';";
// execute query
$result = mysql_query($query) or die ("Error in query!");
//return results
$counter = 0;
if(mysql_num_rows($result) > 0) {
while(list($db_id, $db_name, $db_description, $db_price, $db_pic, $db_status, $db_quantity) = mysql_fetch_row($result)){
//render form
?>
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" id="save"><fieldset>
<table id="site-form">
<tr>
<td class="one_of_three"><label>Item Name: </label></td>
<td class="two_of_three"><input type="text" name="name" id="name" value="<?php echo"$db_name";?>"/></td>
<td><label class="errors" id="nameError"> </label></td>
</tr>
<tr>
<td class="one_of_three"><label>Description: </label></td>
<td class="two_of_three"><textarea rows="10" cols="30" name="description" id="description"><?php echo"$db_description";?></textarea></td>
<td><label class="errors" id="descriptionError"> </label></td>
</tr>
<tr>
<td class="one_of_three"><label>Price(£): </label></td>
<td class="two_of_three"><input type="text" name="price" id="price" value="<?php echo"$db_price";?>"/></td>
<td><label class="errors" id="priceError"> </label></td>
</tr>
<tr>
<td class="one_of_three"><label>Quantity: </label></td>
<td class="two_of_three"><input type="text" name="quantity" id="quantity" value="<?php echo"$db_quantity";?>"/></td>
<td><label class="errors" id="quantityError"> </label></td>
</tr>
<tr>
<td class="one_of_three"><label>Picture: </label></td>
<td class="two_of_three"><input type="file" name="userfile[]" id="pic"/></td>
<td><label class="errors" id="picError"> </label></td>
</tr>
<tr>
<td class="one_of_three"><label>Status: </label></td>
<td class="two_of_three">
<select name="status" id="status">
<option value="<?php echo"$db_status";?>"><?php echo(ucfirst(strtolower($db_status)));?></option>
<option value="available">Available</option>
<option value="new">New</option>
</select>
</td>
<td><label class="errors" id="statusError"> </label></td>
</tr>
<!--
<tr>
<td class="one_of_three"><label>Catagory: </label></td>
<td class="two_of_three">
<select name="catagory" id="catagory">
<option value="cd">CD</option>
<option value="tshirt">T-Shirt</option>
</select>
</td>
<td><label class="errors" id="statusError"> </label></td>
</tr>-->
<tr>
<td class="one_of_three"> </td>
<td class="two_of_three"><input name="add" id="save_button" type="submit" value="Add Item"/> <a href="../">Cancel</a>.</td>
<td> </td>
</tr>
</table>
</fieldset></form>
<?php
}
}
else {echo "<p>Product not found.</p>";}//the item could not be found!!!
// free result set from memory
mysql_free_result($result);
// close connection
mysql_close($connection);
}
?>
<?php ob_end_flush()?>
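An added example (not the asker's code) of the same update page written so the ID survives the round trip. The original form's `action="<?php echo $_SERVER['PHP_SELF']; ?>"` produces the script path without its query string, so the POST request carries no `?id=`, `$_GET["id"]` is unset, and the string interpolation silently yields `WHERE id=''`; the query runs without error but matches no row, which is the "stranger" behaviour described above. Below, the ID is resent by the form (as a hidden field and in the action's query string), validated as a positive integer, and bound as a prepared-statement parameter instead of being interpolated into the SQL text. The `products` table, the placeholder DB credentials and the helper names (`currentItemId`, `validateItem`, `e`) are assumptions.

```php
<?php
// Added example, not the asker's code: an update handler that keeps the item ID
// across the POST round trip and passes it to MySQL as a bound parameter.
// Assumptions: a `products` table with the columns used below, a submit button
// named `add` as on the original form, and placeholder DB credentials.
declare(strict_types=1);

/** HTML-escape any scalar for output into an attribute or element body. */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Work out which item this request is about.
 * On the first (GET) load the ID is in the query string; on the POST submit the
 * form has to send it again, so look in $_POST first and fall back to $_GET.
 * Returns null unless the value is a positive integer.
 */
function currentItemId(array $get, array $post): ?int
{
    $raw = $post['id'] ?? $get['id'] ?? null;
    // FILTER_VALIDATE_INT rejects '', '12abc', '1e3', arrays and anything below min_range
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Validate the posted fields; returns [cleanValues, errorMessage]. */
function validateItem(array $post): array
{
    $clean = ['name' => $post['name'] ?? '', 'description' => $post['description'] ?? '',
              'price' => $post['price'] ?? '', 'status' => $post['status'] ?? ''];
    $errmsg = '';
    if (!preg_match('/^[\w\s+,._-]{1,20}$/', $clean['name'])) { $errmsg .= 'Invalid name. '; }
    if (!preg_match('/^[\w\s,.]{1,90}$/', $clean['description'])) { $errmsg .= 'Invalid description. '; }
    if (!preg_match('/^\d+(\.\d{2})?$/', $clean['price'])) { $errmsg .= 'Invalid price. '; }
    $clean['quantity'] = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($clean['quantity'] === false) { $errmsg .= 'Invalid quantity. '; }
    // whitelist: the status must be one of the drop-down options, compared strictly
    if (!in_array($clean['status'], ['available', 'unavailable', 'ebay', 'new'], true)) { $errmsg .= 'Invalid status. '; }
    return [$clean, $errmsg];
}

$currentItemID = currentItemId($_GET, $_POST);
if ($currentItemID === null) {
    http_response_code(400);
    exit('<p>Missing or invalid item id.</p>');
}

// Placeholder DSN and credentials. Native prepares (no emulation) keep values out of the
// SQL text; FOUND_ROWS makes rowCount() report matched rows, not only changed ones.
$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::MYSQL_ATTR_FOUND_ROWS => true,
    ]);

if (isset($_POST['add'])) {
    [$clean, $errmsg] = validateItem($_POST);
    if ($errmsg === '') {
        $stmt = $pdo->prepare('UPDATE products SET name = :name, description = :description,
            price = :price, status = :status, quantity = :quantity WHERE id = :id');
        $stmt->execute([':name' => $clean['name'], ':description' => $clean['description'],
            ':price' => $clean['price'], ':status' => $clean['status'],
            ':quantity' => $clean['quantity'], ':id' => $currentItemID]);
        // rowCount() of 0 means the WHERE matched nothing: the ID never arrived or no such row exists
        exit($stmt->rowCount() > 0 ? '<p>Item successfully updated.</p>' : '<p>No item with that id.</p>');
    }
    echo '<p><strong>There were errors in your submission:</strong> ', e($errmsg), '</p>';
}

$stmt = $pdo->prepare('SELECT name, description, price, status, quantity FROM products WHERE id = :id');
$stmt->execute([':id' => $currentItemID]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    exit('<p>Product not found.</p>');
}
// The id travels twice, in the action's query string and as a hidden field, so either
// $_GET['id'] or $_POST['id'] is present when the form comes back. A fixed relative
// action also avoids echoing $_SERVER['PHP_SELF'] unescaped into the HTML.
?>
<form action="?id=<?= $currentItemID ?>" method="post">
  <input type="hidden" name="id" value="<?= $currentItemID ?>">
  <label>Item Name: <input type="text" name="name" value="<?= e($row['name']) ?>"></label>
  <label>Description: <textarea name="description"><?= e($row['description']) ?></textarea></label>
  <label>Price: <input type="text" name="price" value="<?= e($row['price']) ?>"></label>
  <label>Quantity: <input type="text" name="quantity" value="<?= e($row['quantity']) ?>"></label>
  <label>Status: <select name="status">
    <?php foreach (['available', 'unavailable', 'ebay', 'new'] as $s): ?>
      <option value="<?= $s ?>"<?= $s === $row['status'] ? ' selected' : '' ?>><?= ucfirst($s) ?></option>
    <?php endforeach; ?>
  </select></label>
  <input type="submit" name="add" value="Save Item">
</form>
```

Two checks worth keeping even after the ID is fixed: `rowCount()` tells you whether the `UPDATE` matched anything, which is exactly the signal the original `mysql_query(...) or die(...)` never gives, and every value reaching the page (including the ID and the stored row) is escaped on output, so a description containing `<` or `"` cannot break the form markup.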
Try posting your code and being more specific rather than leaving the action field blank; at least show us what you have already tried. Also, `$_GET` is not preserved between pages unless you add the parameters back onto the URL. Are you using JavaScript to update the form? jQuery is easy to learn. – Amelia
That's far too much code. Please cut it down to the *relevant* parts. – deceze