2

我对 PHP 还是比较陌生。我正在尝试建立一个隐私设置页面,让成员选择退出触发事件的自动电子邮件(即私人消息通知)。我希望根据数据库设置自动设置复选框。到目前为止,表单确实正确更新了数据库,但复选框状态不会显示正确的设置,除非两次按下提交按钮,或者重新加载页面。设置为“0”表示未选中,“1”表示选中。我很想使用 Ajax 或 jQuery 来处理这个问题,但我根本不知道这些。

隐私设置.php

<?php
  $id = "";
  $pm_mail_able = "";
  $pm_email = "";

  if (isset($_GET['id'])) {
    $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
  } else if (isset($_SESSION['idx'])) {
    $id = $logOptions_id;
  } else {
    header("location: index.php");
    exit();
  }

  //query to get checkbox status
  $sql = mysql_query("SELECT * FROM members WHERE id='$id'");

  while($row = mysql_fetch_array($sql)){
    $pm_mail_able = $row['pm_mail_able'];
  }

  switch ($pm_mail_able) {
    case 0:
      $pm_setting = NULL;
      break;
    case 1:
      $pm_setting = "checked=\"checked\"";
      break;
  }

  if(isset($_GET['pm_email']) && !empty($_GET['pm_email'])) {
    $updateqry = mysql_query("UPDATE members SET pm_mail_able='1' WHERE id='$id'");
  } else {
    $updateqry = mysql_query("UPDATE members SET pm_mail_able='0' WHERE id='$id'");
  }

?>

<html>
    Email Notifications<br />

    <form name="testform" method="get" action="PvResult.php">
        When a friend sends me a private message
        <input type="checkbox" name="pm_email" value="on"<?php echo $pm_setting;?> />
        <br /><br />
        <input type="submit" value="Submit" />
    </form>
</html>

PvResult.php

<?php

  $url = 'http://www.mywebsite.com';

  //If the form isn't submitted, redirect to the form
  if(!isset($_GET['Submit']))
    header('Location: '.$url.'/privacysettings.php');

  //Redirect to the correct location based on form input
  $pm_email = $_GET['pm_email'];
  $url .= '/privacysettings.php?pm_email='.$pm_email;

  header('Location: '.$url);
?>
4

2 回答 2

2

好的,希望这不仅可以回答您的问题,还可以为您提供一些您可能想要考虑的最佳实践。

您可以相对容易地将这两个脚本合并为一个。另外,我强烈建议使用 POST 而不是 GET;GET 非常有限,并不打算像您使用它一样提交数据。如果您要更改后端存储中的数据,那么使用 GET 会很麻烦。也许不是今天,也许不是明天,但它会的,相信我。

真的应该考虑转移到 PDO而不是 mysql_ 函数。PDO 在处理参数化查询方面要好得多,为了更好的安全性,你真的应该在这里拥有它,如果有一天你想移动到不同的数据库系统,它更便携。

我对您的应用程序如何获得 $id 仍然有些模糊。大多数应用程序从 $_SESSION 变量中获取它,以确保用户已成功验证登录。如果你不这样做,这样做。您可能想彻底消化这篇文章,它有很多关于身份验证和“记住我”类型功能的多汁最佳实践。

这里有一点重写。我还没有实际测试过它,但它应该可以让你很好地了解如何满足你的迫切需求。如果它抛出任何错误(请记住免责声明:我还没有实际测试过它!),请告诉我,我会尝试调试它。

<?php
$message = '';
$pm_setting = '';
$id = 0;

// Put your $id retrieval logic here.  It should look something like:
if (isset($_SESSION['id'])) {
    $id = $_SESSION['id'];
    if (!preg_match('/^\\d{1,10}$/', $id) > 0) {
        // Someone is trying to hack your site.
        header("location: scum.php");
        exit();
    }
    $id = intval($id);
}
// Quick security note: You might want to read up on a topic called
// session hijacking if you want to ensure your site is secure and
// this $id isn't spoofed.

if (isset($_POST['Submit'])) {
    // The form is being submitted.  We don't need to read the current
    // pm_mail_able setting from the database because we're going to
    // overwrite it anyway.
    if ($id > 0) {
        $pm_mail_able = 0;
        if (isset($_POST['pm_email']) && $_POST['pm_email'] === 'on') {
            $pm_mail_able = 1;
            $pm_setting = 'checked ';
        }
        $query = 'UPDATE members SET pm_mail_able='.$pm_mail_able.
            ' WHERE id = '.$id;
        mysql_query($query);
        // Another quick security note: You REALLY need to consider
        // updating to PDO so that you can bind these parameters
        // instead. The mysql_ functions are probably going to be
        // deprecated soon anyway.

        if (mysql_affected_rows($query) > 0)
            $message = '<p style="color: #00a000;">Settings saved!</p>';
        else
            $message = '<p style="color: #a00000;">User id not valid.</p>';
    }
    else
        $message = '<p style="color: #a00000;">User id not valid.</p>';
}

else {
    // This is the first load of the form, we need to just display it
    // with the existing setting.
    if ($id > 0) {
        $query = mysql_query('SELECT * FROM members WHERE id = '.$id);
        if (($row = mysql_fetch_array($query, MYSQL_ASSOC)) !== FALSE)
            if ($row['pm_mail_able'] === 1) $pm_setting = 'checked ';
    }
}

?>
<html>
    <body>
        <?= $message ?>
        <!-- Without action parameter, form submitted to this script. -->
        <form name="testform" method="post">
            E-mail notifications<br />
            <input type="checkbox" name="pm_email" value="on" <?= $pm_setting ?>/>
            When a friend sends me a private message
            <br /><br />
            <input type="submit" value="Submit" />
        </form>
    </body>
</html>
于 2012-07-01T04:25:35.190 回答
1

尝试进行这些设置,看看它是否会起作用:

1)您需要在“on”和“checked=checked”之间添加一个空格

<input type="checkbox" name="pm_email" value="on" <?php echo $pm_setting;?> />

2)您必须通过其名称引用提交按钮,而不是其值

<input type="submit" name="Submit" value="Send" />

3) 当设置为“0”时,设置$pm_setting为空字符串,而不是NULL

case 0:
    $pm_setting = '';

4)也许有一些问题$_GET['pm_email']并且else总是被执行

5)如果当你按下提交按钮两次时一切正常,这意味着表单正在传递一些使代码工作的 GET var,所以尝试发现这是什么 var

于 2012-07-01T03:47:10.333 回答