2016-08-14

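I am trying to send a value using the value attribute of a button in a form that uses method POST in "landlord_home.php". The problem is that when I click the button to go to the next page, "edit_post.php", it executes the PHP validation code on that page and displays the validation errors on that page. Send the value of the value attribute to another PHP page?

How can I pass the value to "edit_post.php" without using a form (POST or GET method), or is there another way?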

while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { 
    echo '<tr> 
      <td>' . $row['property_id'] . '</td> 
      <td>' . $row['username']. '</td> 
      <td>' . $row['property_type']. '</td> 
      <td>RM' . $row['property_price']. '</td> 
      <td>' . $row['address']. '</td> 
      <td>' . $row['location']. '</td> 
      <td> 
       <img src="data:property_type;base64,' . 
       $row['property_picture'] . 
       '" class="img-thumbnail" width="100" height="100"> 
      </td> 
      <td>' . $row['title'] . '</td> 
      <td>' . $row['description'] . '</td> 
      <td>' . date('F d, Y h:mA', strtotime($row['reg_date'])) . '</td> 
      <td> 
       <form action="edit_post.php" method="POST"> 
       <button class="btn btn-success btn-sm" name="edit" value="' . 
       $row['property_id'] . '"> 
        Edit 
       </button> 
       <br> 
       <button class="btn btn-danger btn-sm" name="delete" 
       value="'.$row['property_id'] . '"> 
        Delete 
       </button> 
       </form> 
      </td> 
      </tr>'; 
} 
echo '</table>'; 

Above is the code in "landlord_home.php". Below is the part of the above code that I am talking about.

<form action="edit_post.php" method="POST"> 
    <button class="btn btn-success btn-sm" name="edit" value="' . 
    $row['property_id'] . '"> 
    Edit 
    </button> 
    <br> 
    <button class="btn btn-danger btn-sm" name="delete" value="' . 
    $row['property_id'] . '"> 
    Delete 
    </button> 
</form> 

And below is the next page, "edit_post.php":

<?php
session_start(); 
    $user = $_SESSION['username']; 
    if(!isset($_SESSION['username'])) { 
    require('login_tools_landlord.php'); 
    load(); 
    } 
?> 

<!DOCTYPE html> 
<html> 
    <head> 
    <meta charset="utf-8"> 
    <title>Edit Property</title> 
    <link rel="stylesheet" href="css/add_property.css"> 
    <link rel="stylesheet" href="css/header.css"> 
    <link rel="stylesheet" href="css/bootstrap.min.css"> 
    <script type="text/javascript" src="js/jquery.js"></script> 
    <script type="text/javascript" src="js/bootstrap.js"></script> 
    </head> 
    <body> 
    <?php include 'includes/header_landlord.php' ?> 
    <div class="container wrapper"> 
     <div class="text-center title_bar"> 
     <h3>Fill in your property details</h3> 
     <?php 
     if ($_SERVER['REQUEST_METHOD'] == 'POST') { 
      require ('core/connect_db.php'); 
      $errors = array(); 

      if (isset($_POST['edit'])) { 

      $edit = $_POST['edit']; 
      $q = "SELECT * FROM property WHERE property_id = '$edit'"; 
      $r = mysqli_query($dbc, $q); 

      $row = mysqli_fetch_array($r, MYSQLI_ASSOC); 
      $prop_type = $row['property_type']; 
      $price = $row['property_price']; 
      $address = $row['address']; 
      $location = $row['location']; 
      $pic = $row['property_picture']; 
      $title = $row['title']; 
      $desc = $row['description']; 
      $dt = $row['reg_date']; 

      if (empty($_POST['property_type'])) { 
       $errors[] = 'Choose property type.'; 
      } else { 
       $pr = mysqli_real_escape_string($dbc, trim($_POST['property_type'])); 
      } 

      if (empty($_POST['price'])) { 
       $errors[] = 'Enter your property price.'; 
      } else { 
       $p = mysqli_real_escape_string($dbc, trim($_POST['price'])); 
      } 

      if (empty($_POST['address'])) { 
       $errors[] = 'Enter your address.'; 
      } else { 
       $ad = mysqli_real_escape_string($dbc, trim($_POST['address'])); 
      } 

      if (empty($_POST['location'])) { 
       $errors[] = 'Choose your location.'; 
      } else { 
       $lo = mysqli_real_escape_string($dbc, trim($_POST['location'])); 
      } 

     // if (empty($_POST['picture'])) { 
     // $errors[] = 'Pick a picture.'; 
     // } else { 
     // $pc = mysqli_real_escape_string($dbc, trim($_POST['picture'])); 
     // } 
      if (isset($_POST['submit'])) { 
       if (getimagesize($_FILES['picture']['tmp_name']) == FALSE) { 
        $errors[] = "Please select an image."; 
       } else { 
       $picture = addslashes($_FILES['picture']['tmp_name']); 
       $name = addslashes($_FILES['picture']['name']); 
       $picture = file_get_contents($picture); 
       $picture = base64_encode($picture); 
       } 
      } 

      if (empty($_POST['title'])) { 
       $errors[] = 'Enter your title.'; 
      } else { 
       $ti = mysqli_real_escape_string($dbc, trim($_POST['title'])); 
      } 

      if (empty($_POST['description'])) { 
       $errors[] = 'Enter your description.'; 
      } else { 
       $de = mysqli_real_escape_string($dbc, trim($_POST['description'])); 
      } 

     if (empty($errors)) { 
      $qa = " 
      UPDATE property 
      SET property_type = '$pr', property_price = '$p', address = '$ad', 
       location = '$lo', property_picture = '$picture', title = '$ti', 
       description = '$de', reg_date = NOW() 
      WHERE property_type = '$prop_type', property_price = '$price', 
       address = '$address', location = '$location', 
       property_picture = '$pic', title = '$title', 
       description = '$desc', reg_date = '$dt' 
      "; 
      $ra = mysqli_query($dbc, $qa); 

      if ($ra) { 
      echo '<h1 class="sccs_msg">Successful</h1> 
        <p class="sccs_msg">REDIRECTING YOU TO DASHBOARD in 3 SECOND</p> 
        <meta http-equiv="refresh" content="3;URL=landlord_home.php" />'; 

      } 
      mysqli_close($dbc); 
      exit(); 
     } else { 
      echo '<h1 class="err_msg">ERROR!</h1> 
      <p class="err_msg">The following error(s) occurred:<br>'; 
      foreach ($errors as $msg) { 
      echo "- $msg<br>"; 
      } 
      echo 'Please try again.</p>'; 
      mysqli_close($dbc); 
     } 
     } 
    } 
    ?> 

     </div> 
     <form method="post" action="edit_post.php" enctype="multipart/form-data"> 
     <div class="form-group"> 
      <label for="property_type">Property Type</label> 
      <select class="form-control" name="property_type" id="property_type" 
      value="<?php 
      if (isset($_POST['property_type'])) { 
       echo $_POST['property_type']; 
      } 
      ?>"> 
      <option></option> 
      <option>Room</option> 
      <option>Whole Unit</option> 
      </select> 
     </div> 
     <div class="form-group"> 
      <label for="price">Unit Price(RM)</label> 
      <input type="text" class="form-control" name="price" id="unit_price" 
      placeholder="Unit Price" value="<?php 
      if (isset($_POST['price'])) { 
       echo $_POST['price']; 
      } 
      ?>"> 
     </div> 
     <div class="form-group"> 
      <label for="address">Address</label> 
      <textarea class="form-control" name="address" id="address" rows="3" 
      value="<?php 
      if (isset($_POST['address'])) { 
       echo $_POST['address']; 
      } 
      ?>"></textarea> 
     </div> 
     <div class="form-group"> 
      <label for="location">Location</label> 
      <select class="form-control" name="location" id="location" 
      value="<?php 
      if (isset($_POST['location'])) { 
       echo $_POST['location']; 
      } 
      ?>"> 
      <optgroup label="Kuala Lumpur"> 
       <option></option> 
       <option>Puchong</option> 
       <option>Salak Selatan</option> 
       <option>Segambut</option> 
       <option>Sentul</option> 
       <option>Seputih</option> 
      </optgroup> 
      <optgroup label="Selangor"> 
       <option>Cheras</option> 
       <option>Damansara</option> 
       <option>Cyberjaya</option> 
       <option>Kajang</option> 
       <option>Kelana Jaya</option> 
      </optgroup> 
      </select> 
     </div> 
     <div class="form-group"> 
      <label for="picture">Picture</label> 
      <input type="file" class="form-control-file" name="picture" 
      id="picture" aria-describedby="fileHelp" 
      value="<?php 
      if (isset($_POST['picture'])) { 
       echo $_POST['picture']; 
      } 
      ?>"> 
      <small id="fileHelp" class="form-text text-muted"> 
      Please provide a photo of your property. 
      </small> 
     </div> 
     <div class="form-group"> 
      <label for="title">Title</label> 
      <input type="text" class="form-control" name="title" id="title" 
      placeholder="Post Title" value="<?php 
      if (isset($_POST['title'])) { 
       echo $_POST['title']; 
      } 
      ?>"> 
     </div> 
     <div class="form-group"> 
      <label for="description">Description</label> 
      <textarea class="form-control" name="description" id="description" 
      rows="3" value="<?php 
      if (isset($_POST['description'])) { 
       echo $_POST['description']; 
      } 
      ?>"></textarea> 
     </div> 
     <button type="submit" class="btn btn-primary" name="submit"> 
      Submit 
     </button> 
     </form> 
    </div> 
    </body> 
</html> 
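**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this, because if you forget to properly escape something, as you did with `$edit`, you will create a serious [SQL injection vulnerability](http://bobby-tables.com/). – tadman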

@tadman Thanks for the reminder. I'm kind of new to PHP. I still haven't explored PHP security, so my code is very vulnerable. – Amher25

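Being aware of it is the first step toward adopting a discipline that won't get you into trouble. Usually, after you write code, it has a way of worming its way into production, so it's better to be safe than sorry. – tadman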

Answer


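How can I pass the value to "edit_post.php" without using a form (POST or GET method), or is there another way?

I'm not sure I understand what you mean above, unless you mean "without using an additional visible form input".
If so, the answer is contained in the question: you just add a hidden input to your form (and drop the button values): in edit_post.php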

<form action="edit_post.php" method="POST"> 
    <input type="hidden" name="property-id" value="' . $row['property_id'] . '"> 
    <button class="btn btn-success btn-sm" name="edit"> 
    Edit 
    </button> 
    <br> 
    <button class="btn btn-danger btn-sm" name="delete"> 
    Delete 
    </button> 
</form> 

Then you can use $_POST['property-id'] as you wish.


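BTW, I'm a bit surprised looking at your $qa query in edit_post.php: unless I'm missing something subtle, its WHERE clause is invalid, because it is built like a comma-separated list of conditions (whereas they should probably be joined with AND).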
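The two points raised on this page, binding `$edit` as a parameter and replacing the comma-separated WHERE list with a key lookup, combined in one sketch. This is an added example, not code from the question or the answer; the helper names are hypothetical, and it assumes `property_id` is an integer key, that `property.username` names the owning landlord, and it leaves the picture column out.

```php
<?php
// Added example. Assumptions: $dbc comes from core/connect_db.php, property_id
// is an integer key, and property.username names the owning landlord.
session_start();
require 'core/connect_db.php';

// Hypothetical helper: fetch one property, but only if $owner owns it.
function load_property(mysqli $dbc, int $id, string $owner): ?array
{
    $stmt = $dbc->prepare(
        'SELECT property_type, property_price, address, location, title, description
           FROM property WHERE property_id = ? AND username = ?'
    );
    $stmt->bind_param('is', $id, $owner);   // values never touch the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Hypothetical helper: update by key; WHERE conditions are joined with AND.
function update_property(mysqli $dbc, int $id, string $owner, array $f): bool
{
    $stmt = $dbc->prepare(
        'UPDATE property
            SET property_type = ?, property_price = ?, address = ?,
                location = ?, title = ?, description = ?, reg_date = NOW()
          WHERE property_id = ? AND username = ?'
    );
    $stmt->bind_param('ssssssis', $f['property_type'], $f['price'], $f['address'],
        $f['location'], $f['title'], $f['description'], $id, $owner);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// The id arrives in the hidden "property-id" field; reject anything non-integer.
$id = filter_input(INPUT_POST, 'property-id', FILTER_VALIDATE_INT);
if (!is_int($id) || !isset($_SESSION['username'])) {
    http_response_code(400);
    exit('Invalid request.');
}
$owner = $_SESSION['username'];
if (isset($_POST['submit'])) {          // second POST: the filled-in edit form
    // The page's empty-field validation would run here before the update.
    update_property($dbc, $id, $owner, $_POST);
}
$row = load_property($dbc, $id, $owner);    // null: no such row for this owner
```

For the second POST to carry the id, the edit form in edit_post.php needs the same hidden `property-id` input.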
