我有一個廣告網站項目,用戶可以在其中爲不同的旅遊相關業務添加優惠信息。我爲每個提議創建了動態生成的頁面,並且我想添加一個評論框給訪問者發表意見。該頁面是應該生成的,鏈接是advert.php?id = 2,其中id是該報價的ID。當我點擊評論的提交按鈕時,頁面鏈接會變爲advertisement.php?advertisement_comment = & place_comment = Place + comment其中advertisement_comment是評論框的名稱,place_comment是提交按鈕的名稱。正因爲如此,我得到了注意:未定義的索引:id在C:\ xampp \ htdocs \ Project \ advertisement.php第3行。我的id變量等於$ _GET ['id'],但由於頁面url更改它不能再弄點吧。有什麼辦法可以阻止鏈接改變嗎?如果不是,也許你可以想到一個不同的數據庫結構和php代碼,我可以用它來獲得我想要的地方,因爲我有點卡住了。如果我需要在降級之前以任何方式編輯我的問題,請告訴我。非常感謝你!動態生成的頁面在按下提交按鈕時更改其鏈接
代碼所生成的頁面:
<?php
session_start();
$id = $_GET['id'];
require_once("includes/db_connect.php");
$query_dynamic_advertisement = "SELECT * FROM advertisings WHERE id = '$id'";
$result_dynamic_advertisement = mysql_query($query_dynamic_advertisement) or die (mysql_error());
$fetch_dynamic_advertisement = mysql_fetch_assoc($result_dynamic_advertisement);
// Hit counter
$query_advertising_views="UPDATE advertisings SET advertising_views = advertising_views + 1 WHERE id = '$id'";
$result_advertising_views=mysql_query($query_advertising_views) or die (mysql_error());
// Comments
if (isset($_POST['place_comment']))
{
$comment = mysql_real_escape_string($_POST[advertisement_comment]);
$advertising_id = $_SESSION['id'];
$query_place_comment = "INSERT INTO advertising_comments VALUES ('', '$comment', '$advertising_id')";
mysql_query($query_place_comment) or die (mysql_error());
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/style.css">
<title>Title</title>
</head>
<body>
<div id="wrapper">
</br>
<a href="index.php"><h3>Home</h3></a>
<a href="index.php"><img src="images/logo.png" alt="SporeDEV logo" id="logo"></a>
</br>
<!-- Meniu -->
<ul>
<li><a href="signup.php">Signup</a></li>
<li><a href="login.php">Login</a></li>
<li><a href="forgot_password.php">Forgot Password</a></li>
<li><a href="includes/logout.php">Logout</a></li>
<li><a href="advertising_panel.php">Advertising Panel</a></li>
<li><a href="user_panel.php">User Panel</a></li>
<li><a href="user_profile.php">User Profile</a></li>
<li><a href="admin_panel.php">Admin Panel</a></li>
</ul>
<!-- Sfarsit de meniu -->
</br>
<?php
echo "<p> General information </p>";
echo "</br>";
echo "Location name: {$fetch_dynamic_advertisement['location_name']}";
echo "</br>";
echo "Location type: {$fetch_dynamic_advertisement['location_type']}";
echo "</br>";
echo "</br>";
echo "</br>";
echo "<p> Address </p>";
echo "</br>";
echo "Region: {$fetch_dynamic_advertisement['region']}";
echo "</br>";
echo "Settlement: {$fetch_dynamic_advertisement['settlement']}";
echo "</br>";
echo "Street: {$fetch_dynamic_advertisement['street']}";
echo "</br>";
echo "Street number: {$fetch_dynamic_advertisement['street_number']}";
echo "</br>";
echo "</br>";
echo "</br>";
echo "<p> Contact information </p>";
echo "</br>";
echo "E-mail: {$fetch_dynamic_advertisement['email']}";
echo "</br>";
echo "Phone: {$fetch_dynamic_advertisement['phone']}";
echo "</br>";
echo "Website: <a href={$fetch_dynamic_advertisement['website']} target=_blank>{$fetch_dynamic_advertisement['website']}</a>";
echo "</br>";
echo "</br>";
echo "</br>";
echo "<p> Statistics </p>";
echo "</br>";
echo "Added: {$fetch_dynamic_advertisement['add_date']}";
echo "</br>";
echo "Modified: {$fetch_dynamic_advertisement['last_modified']}";
echo "</br>";
echo "Advertising views: {$fetch_dynamic_advertisement['advertising_views']}";
echo "</br>";
echo "</br>";
echo "</br>";
echo "<p> Description </p>";
echo "</br>";
echo "Description: {$fetch_dynamic_advertisement['description']}";
echo "</br>";
echo "</br>";
echo "</br>";
echo "<p> Comments </p>";
echo "</br>";
?>
<!-- Comment form -->
<p> Add a comment </p>
</br>
<form action = "advertisement.php?id=<?php echo $id;?>" method = "$_POST">
<textarea name="advertisement_comment"></textarea>
</br>
<input type="submit" name="place_comment" class="button_1" value="Place comment">
</form>
</div>
</body>
</html>
表advertising_comments的結構是:ID(INT 11,自動增量),註釋(VARCHAR 255),advertising_id(INT 11,這應該是相同初始頁面的ID)。
我知道MySQL已折舊。如果您有時間,請檢查以下問題:Simplest MySQL to MySQLi transition
的確是這個問題。在我解決了這個問題之後,我得到了另一個錯誤,因爲我的$ advertisement_comment錯了,沒有引用密鑰。我應該如何清理$ id? html_special_chars是可以的(因爲我使用MySQL而不是MySQLi)? – SporeDev
我不認爲html_special_chars會完全保護您免受惡意SQL的攻擊 - 您需要使用mysql_real_escape_string(http://php.net/manual/en/function.mysql-real-escape-string.php) 。如果您的ID是數字,您可以將該變量作爲int值進行類型化。像'$ id =(int)$ _GET ['id']' – odlp
是的,我這樣做,它工作,我擔心如果我使用mysql_real_escape_string它將不再工作,但事實並非如此。非常感謝,我不知道我應該清理URL中的變量,我只知道來自輸入的變量。 – SporeDev