1

我正在编写一个应用程序,允许用户为潜在员工上传推荐信。

每个引用都会发送一封电子邮件,其中包含 URL 末尾的唯一字符串。因此,例如,地址看起来类似于:www.mywebaddress?url=503241a20b5085_18720621。

要确定唯一字符串是否有效(即存在于数据库中),我需要进行查询搜索。但是,当引用尝试访问 URL 时,他需要回答安全问题。所以,我还需要检查答案是否有效,他之前是否上传过等,以确定将他重定向到哪个页面。

但是因为查询,我的代码要求用户点击“提交”两次。这真的很烦人,但我不知道如何解决它。

这是我的代码的相关摘录:

if ( isset ($_GET['url']) ) {
        $query = "SELECT * FROM ref_info WHERE url='" . $_GET['url'] . "'";
        $result = $db->execute($query);
        if ( empty ($result) ) {
            //error message

        } else {
            $url = $_GET['url'];

            if ( $_SESSION['validated'] ) {
                if ( $result[0]['uploaded'] ==1 ) {
                    $_SESSION['uploaded'] =true;
                } else {
                    $_SESSION['uploaded'] =false;   
                }

                include_once("process_upload.php"); 

            } else { 
                if ( empty($result[0]['answer']) ) {
                    include_once("security.php");

                } else {
                    include_once("security_check.php");
                }
            }
        }

}

有什么办法可以让表单只需要提交一次吗?

在此先感谢您的任何建议!!

4

1 回答 1

1 
if ( isset ($_GET['url']) ) {
        $query = "SELECT * FROM ref_info WHERE url='" . $_GET['url'] . "'"; //that is really not secure. Take a look at mysql_real_escape_string or something like that in yor $db
        $result = $db->execute($query);
        if ( empty ($result) ) {
            //error message

        } else {
            $url = $_GET['url'];
            if (empty($result[0]['answer']) ) { // page is just opened,form is not yet submitted - ask sequrity question
                include_once("security.php");    
            } else { //oh. Submit is done - let me check if it is Ok
                include_once("security_check.php");
            }
            if ( $_SESSION['validated'] ) { //validation is Ok? Yeah. Answer is not posted yet, so validation fails and we do nothing. Just show a form with a question
                if ( $result[0]['uploaded'] ==1 ) {
                    $_SESSION['uploaded'] =true;
                } else {
                    $_SESSION['uploaded'] =false;   
                }

                include_once("process_upload.php"); 

            } 
        }

}
于 2012-08-23T13:32:08.837 回答