0

我正在尝试将网页的用户重定向到两个不同页面之一,具体取决于他们单击的两个按钮中的哪一个。我的方法是将每个 onclick 事件链接到一个 javascript 函数,该函数又会调用一个 php 函数,该函数使用 header() 函数重定向到适当的页面。不幸的是,这两个 php 函数中的后者,即 insertIntoTable(),在每次页面加载和重定向时都会被自动调用,甚至没有让用户有机会查看带有按钮的页面。我想知道这是否是 PHP 扩展方式的产物?我不太明白,因为似乎在 onclick 事件侦听器这样做之前不应该调用包装 javascript 函数,并且在链接的 javascript 函数之前不应该调用 php 函数onclick 这样做。这是代码...

<?php
    session_start();
?>
<html>
    <head>
        <script>
            function createATable()
            {
                <?php createATable(); ?>
            }

            function insertIntoTable()
            {
                <?php insertIntoTable(); ?>
            }
        </script>
    </head>
    <body>
        <?php
            // Define our redirection functions for button click events
            function createATable()
            {
                header("Location: http://codd.edu/Project2/createtable.php?<?php echo htmlspecialchars(SID); ?>");*/
            }
            function insertIntoTable()
            {
                header("Location: http://codd.edu/Project2/insertintotable.php?<?php echo htmlspecialchars(SID); ?>");*/
            }

            // Set session variables so that we don't need to worry about whether
            // we're coming from sign in or registration - if $Session['user_name'] 
            // isn't set, we know were coming from the sign in
            if (!$_SESSION['user_name'])
            {
                $_SESSION['user_name'] = $_POST['nametextbox'];
                $_SESSION['user_psswd'] = $_POST['psswdtextbox'];
                echo "<br />setting session variables";
            }
            echo "<br />Not setting session variables";

            // If we aren't setting the session variables, then we are coming from the 
            // registration page, and therefore know that this isn't an admin account
            $_SESSION['is_admin'] = "false";

            // Connect to database
            $conn = mysql_connect("localhost", "601", "23");
                or die('Could not connect: ' . mysql_error());

            // Open database
            mysql_select_db("601", $conn) 
                or die('Could not find database: ' . mysql_error());

            // Get USER tuples, if any
            $user = mysql_query("SELECT * FROM USERS WHERE name='$_SESSION[user_name]' AND password='$_SESSION[user_psswd]'");

            // If there are no entries for this SELECT command, we cannot 
            // allow the user to log in 
            $num_user = mysql_num_rows($user);
            if ($num_user < 1) 
            {
                $_SESSION['is_user'] = "false";
                header("Location: http://codd.edu/Project2/login.php?<?php echo htmlspecialchars(SID); ?>");
                exit;
            } 
            else 
            {
                $_SESSION['user_id'] = SID;
                $_SESSION['is_user'] = "true";
                echo "Welcome ", $_SESSION['user_name'], "!";
                echo "<br />User ID: " . $_SESSION['user_id'];
                echo "<br /> User Password: " . $_SESSION['user_psswd'];
                echo "Is valid user? " . $_SESSION['is_user'];
                session_destroy();

                echo "<button name='createtable' onclick='createATable()'>Create a Table</button>";
                echo "<br /><button name='insert' onclick='insertIntoTable()'>Insert into Table</button>";
            }
        ?>
    </body>
</html>
4

2 回答 2

2

我看不出为什么createATable()不应该在页面加载时调用。PHP 在 javascript 之前在不同的环境中进行评估。此外,PHP 允许您在调用它之后定义/声明一个函数,这正是您正在做的事情。

假装是 PHP 解释器:它不知道 javascript 是什么。你甚至可以在它之前和之后换<?php createATable(); ?>行,它会运行。yadayadayada ... qweryasdasd

请阅读此内容,看看是否有帮助: http: //www.developer.com/tech/article.php/923111/Client-side-Versus-Server-side-Coding---Part-1.htm

PS.:这与您的问题无关,但请看一下:http ://en.wikipedia.org/wiki/SQL_injection

于 2012-10-27T23:06:48.607 回答
0

php 在服务器上运行,htnl 输出到客户端。

Instead of trying to use php to redirect, use javascript or a simple a href.

于 2012-10-27T23:17:41.513 回答