2016-02-08 58 views
1

Framework7 not passing URL variable to next page

I cannot get Framework7 to use the URL variable ?username=User1 on the next page.

It is generated and assigned to the link on page 1, but it is not used in either the SQL query or the echo statement on page 2.

Page 1 sets the variable with a hyperlink using;

profile.php?username=<?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?> 

Page 2 'gets' the variable using;

<?php $username = (isset($_GET['username']))? trim(strip_tags($_GET['username'])) : ""; ?> 

Framework7 is a web app framework - www.idangero.us/framework7/.

Edited to add the full source code of profile.php, which uses the variable.

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
     // If they are not, we redirect them to the login page. 
     header("Location: index.php"); 

     // Remember that this die statement is absolutely critical. Without it, 
     // people can view your members-only content without logging in. 
     die("Redirecting to index.php"); 
    } 

    // Everything below this point in the file is secured by the login system 



    // We can retrieve a list of members from the database using a SELECT query. 
    // In this case we do not have a WHERE clause because we want to select all 
    // of the rows from the database table. 
    $query = " 
     SELECT 
      id, 
      username, 
      email 
     FROM users WHERE username = '$username' 
    "; 

    try 
    { 
     // These two statements run the query against your database table. 
     $stmt = $db->prepare($query); 
     $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
     // Note: On a production website, you should not output $ex->getMessage(). 
     // It may provide an attacker with helpful information about your code. 
     die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll(); 
?> 

<?php include('header.php') ?> 

<div class="pages navbar-through toolbar-through"> 
<div class="page" data-page="profile"> 

<div class="page-content"> 

<div class="content-block"> 
<div class="content-block-inner"> 

<?php 
print_r($_GET); 
?> 

<p>Profile content will go here - <?php echo '&username'; ?></p> 
<?php foreach($rows as $row): ?> 
    <div>Username: <?php echo $row['username'] ?></div> 
    <div>Location: <?php echo $row['email'] ?></div> 

<?php endforeach; ?> 

<a href="private.php">Go Back</a><br /> 
</div> 

</div> 
</div> 

</div> 
</div> 

<?php include('footer.php') ?> 

I have also printed the $_GET variable and can see that the value is actually passed - it is just not being used in the query for some reason.

+0

Can you add the generated source of 'profile.php?username=User1'? – Bloafer

+0

@Bloafer I have added the full code. –

Answers

1

You have not assigned the $username variable; you should use something like this:

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
     // If they are not, we redirect them to the login page. 
     header("Location: index.php"); 

     // Remember that this die statement is absolutely critical. Without it, 
     // people can view your members-only content without logging in. 
     die("Redirecting to index.php"); 
    } 

    // Everything below this point in the file is secured by the login system 



    // We can retrieve a list of members from the database using a SELECT query. 
    // In this case we do not have a WHERE clause because we want to select all 
    // of the rows from the database table. 

    $username = (isset($_GET['username']))? trim(strip_tags($_GET['username'])) : ""; 

    $query = " 
     SELECT 
      id, 
      username, 
      email 
     FROM users WHERE username = '$username' 
    "; 

    try 
    { 
     // These two statements run the query against your database table. 
     $stmt = $db->prepare($query); 
     $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
     // Note: On a production website, you should not output $ex->getMessage(). 
     // It may provide an attacker with helpful information about your code. 
     die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll(); 
?> 

<?php include('header.php') ?> 

<div class="pages navbar-through toolbar-through"> 
<div class="page" data-page="profile"> 

<div class="page-content"> 

<div class="content-block"> 
<div class="content-block-inner"> 

<?php 
print_r($_GET); 
?> 

<p>Profile content will go here - <?php echo $username; ?></p> 
<?php foreach($rows as $row): ?> 
    <div>Username: <?php echo $row['username'] ?></div> 
    <div>Location: <?php echo $row['email'] ?></div> 

<?php endforeach; ?> 

<a href="private.php">Go Back</a><br /> 
</div> 

</div> 
</div> 

</div> 
</div> 

<?php include('footer.php') ?> 

You should also escape your input that goes to the DB.

+0

Thank you very much @Bloafer - that worked. –
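
The answer's closing advice about input going to the DB, as an added example that is not part of the original question or answer: the username is bound as a PDO parameter instead of being interpolated into the SQL string, and values are escaped with htmlspecialchars() on output. The in-memory SQLite table, the sample rows and the helper names findUser() and e() are assumptions made so the snippet runs on its own.

```php
<?php
// Added example: stand-alone sketch, not the poster's code.
// Assumption: pdo_sqlite is available; the in-memory table stands in for the real `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO users (username, email) VALUES ('User1', 'user1@example.test'), ('O''Brien', '<b>ob</b>@example.test')");

function findUser(PDO $db, string $raw): array
{
    // Same input handling as the page; strip_tags() removes markup but leaves quotes intact.
    $username = trim(strip_tags($raw));

    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function e(string $value): string
{
    // Escape on output, as page 1 already does for the link.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs standing in for $_GET['username'].
foreach (["User1", "O'Brien", "nobody"] as $input) {
    $rows = findUser($db, $input);
    echo e($input), ': ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        echo '  <div>Username: ', e($row['username']), "</div>\n";
        echo '  <div>Location: ', e($row['email']), "</div>\n";
    }
}

// For contrast: the interpolated form from the page fails on the same input.
$name = "O'Brien";
try {
    $db->query("SELECT id FROM users WHERE username = '$name'");
} catch (PDOException $ex) {
    // Log the detail server-side; show the visitor a generic message.
    error_log($ex->getMessage());
    echo "interpolated query failed for a name containing a quote\n";
}
```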