PHP $_POST[] 重定向后不为空
我愿意接受诚实的批评和建议。
问题在于函数 $_POST[void] 在重定向后有效。 Quotes.add.php是一个表单,指向quotes.done.php,提交到mysql并使用echo $msg重定向回quotes.add.php并重置以再次填写。
是 header();在这种情况下最好的方法是什么?
报价.done.php
else{
include 'data.php';
$query = "INSERT INTO quotes (`id`, `quotes`, `artist`, `date`) VALUES ('null', '$_POST[text]', '$_POST[artist]', 'null')";
$result = mysql_query($query) or die (mysql_error());
$_POST['void'] = "$_POST[artist] Was Added Successfully to database";
unset ($_POST['artist']);
//var_dump($_POST['void']);
//exit;
header ("location: quotes.add.php");
exit;
}
报价.add.php
if (isset($_POST['void'])) {
$msg = $_POST['void'];
}else{
$msg = "Please insert artist";
}
I'm opening myself to honest critizism and sugggestions.
The issue is with the function $_POST[void] being valid after a redirect. Quotes.add.php is a form that directs to quotes.done.php, submitted to mysql and redirected back to quotes.add.php with an echo $msg and reset to be filled out again.
Is header(); the best method in this case?
quotes.done.php
else{
include 'data.php';
$query = "INSERT INTO quotes (`id`, `quotes`, `artist`, `date`) VALUES ('null', '$_POST[text]', '$_POST[artist]', 'null')";
$result = mysql_query($query) or die (mysql_error());
$_POST['void'] = "$_POST[artist] Was Added Successfully to database";
unset ($_POST['artist']);
//var_dump($_POST['void']);
//exit;
header ("location: quotes.add.php");
exit;
}
quotes.add.php
if (isset($_POST['void'])) {
$msg = $_POST['void'];
}else{
$msg = "Please insert artist";
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
如果您进行重定向,我认为您必须使用 $_SESSION。
我会这样做:
然后
If you do a redirect i think you have to use $_SESSION.
I'd do:
and then
这是干净、正确且安全的方法:
quotes.done.php
quotes.add.php
这里需要注意一些事项:
如果您没有使用包装器来使用准备好的参数化语句来运行数据库查询,您应该至少使用
mysql_real_escape_string()来删除讨厌的东西,以防止SQL注入。正如其他人所指出的,
header()将执行GET请求,因此您没有收到$_POST[void]您正在重定向的页面。这就是为什么您将在网址上使用变量将它们传输到重定向页面,然后使用$_GET获取它们。$_POST[somename]和$_POST['somename']是两个不同的东西。它们会起作用,因为 PHP 会尝试查看是否存在名为somename的常量,如果没有,那么你很幸运,但如果有,那么所有的天都会塌下来。 p>This is the clean, proper, and secure way to do it:
quotes.done.php
quotes.add.php
A couple of things for you to note here:
If you are not using a wrapper for running your db queries with prepared parameterized statements, you should use at least
mysql_real_escape_string()to remove the nasty stuff in order to prevent SQL injection.As noted by others
header()will do aGETrequest, hence why you are not getting the$_POST[void]on the page you are redirecting. That's why you will use variables on your url to transfer them to the redirected page, and then fetch them with$_GET.$_POST[somename]and$_POST['somename']are two different things. They will work, because PHP will try to see if there is a constant namedsomename, if there isn't one, you are lucky, but if there is one, then all sky falls down.如果您想保留 $_POST 变量,请不要重定向。重定向会导致客户端浏览器仅使用 $_GET 参数重新请求页面。
将记录保存到数据库中。获取新的记录ID,重定向到页面并传入ID。然后使用ID来获取并显示记录。
If you want to keep the $_POST variables, don't redirect. A redirect causes the client's browser to re-request the page with only $_GET params.
Save the record to the database. Get the new record ID, redirect to a page and pass in the ID. Then use the ID to fetch and display the record.
重定向不会将值发布到页面。您可以使用会话或 GET。
在您的quotes.add.php页面上
Redirecting will not POST a value to the page. You could use session or GET.
On your quotes.add.php page