-2

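My problem is that my html/php form doesn't "refresh" when it is posted. I have been working around this with a "meta refresh", but recently I ran into a problem when I wanted to echo something, and it never showed up because of the "meta refresh". I tried a few things with no luck; here is the code.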

<?php //SESSION START
    session_start();
    if ($_SESSION['username']){
        //grant access
    }else{
        header('Location: login.html');
    }
    if(session_is_registered(username)){
        $username = $_SESSION['username'];
        if ($username!==Administrator){
            //grant access
        }else{
            header('Location: index.php');
        }
    }
?>

<html>
    <head>
        <meta charset=UTF-8 />
        <link rel="stylesheet" type="text/css" href="css/main_style.css" />
        <title>XYZ Car Rental - Rent a Car</title>
        <link rel="icon" href="favicon.ico" />
    </head>

    <body>
        <div id="container">
            <div id="header">
                <span style="color:#38C0CC;">XYZ</span> Car Rental
            </div>
            <div id="banner"><?php echo "Welcome ".$_SESSION['username'].". "?></div>
            <!--Greets user with "Welcome 'username'"-->
            <div id="navbar">
                <?php //navigation bar privileges
                    if(session_is_registered(username)){//if logged in
                        $username = $_SESSION['username'];//creates variable: username
                        if ($username==Administrator){//if the username is equal to 'Administrator' show the following navigation
                ?>
                <a href="index.php"><div class="button"><img src="images/home.jpg" /></div></a>
                <a href="add_car.php"><div class="button"><img src="images/insert_car.jpg" /></div></a>
                <a href="remove_car.php"><div class="button"><img src="images/remove_car.jpg" /></div></a>
                <a href="update_car.php"><div class="button"><img src="images/update_car.jpg" /></div></a>
                <a href="view_car.php"><div class="button"><img src="images/view_cars.jpg" /></div></a>
                <div class="seperator"></div>
                <a href="add_user.php"><div class="button"><img src="images/add_user.jpg" /></div></a>
                <a href="remove_user.php"><div class="button"><img src="images/remove_user.jpg" /></div></a>
                <a href="update_user.php"><div class="button"><img src="images/update_user.jpg" /></div></a>
                <a href="view_user.php"><div class="button"><img src="images/view_users.jpg" /></div></a>
                <div class="seperator"></div>
                <a href="logout.php"><div class="button"><img src="images/logout.jpg" /></div></a>
                <?php }else{ //else, show the navigation bar for a user ?>
                <a href="index.php"><div class="button"><img src="images/home.jpg" /></div></a>
                <a href="rent_car.php"><div class="button"><img src="images/rent_car_s.jpg" /></div></a>
                <a href="return_car.php"><div class="button"><img src="images/return_car.jpg" /></div></a>
                <a href="view_car.php"><div class="button"><img src="images/view_cars.jpg" /></div></a>
                <div class="seperator"></div>
                <a href="logout.php"><div class="button"><img src="images/logout.jpg" /></div></a>
                <?php
                        }
                    }
                //close if's
                ?>
            </div>
            <div id="content">
                <span style="font-size:28px;">Rent Cars</span>
                <hr />
                <?php
                    $link = mysql_connect ("localhost", "root", "password");//connect to database
                    mysql_select_db ("cardatabase");//select database
                    $query = "SELECT * from cars";//select all from table, cars
                    $result = mysql_query ($query, $link);//result = query

                    $available = $_POST[available];
                    //$available = the posted available

                    if (isset($_POST['submit'])){//if submit is pressed, execute

                        if($available>0){//if there is a car available of that type
                            //add one of those cars to the table, rentedcars
                            //include the name of the users session for extra purposes
                            mysql_query("INSERT INTO rentedcars(REAL_ID,ID,CARMAKE,CARMODEL,FUELTYPE,TRANSMISSION,ENGINESIZE,DOORS,DATEADDED,USERNAME) SELECT '',id,carmake,carmodel,fueltype,transmission,enginesize,doors,dateadded,'$username' FROM cars WHERE id='$_POST[hidden]'");
                            //after it has been added, run another query to reduce the 'available' by 1
                            //available = available - 1
                            mysql_query ("UPDATE cars SET available=available-1 WHERE id='$_POST[hidden]'");
                            //echo "<meta http-equiv='refresh' content='0;url=rent_car.php'/>";
                            //refresh the page after it is complete
                            $success = "Car Rented.";

                        }else{//if the 'available' == 0
                            $error = "There is no more cars of that type available.";
                            //creates a variable, to be printed in a different div
                            //all of that type are no longer available
                            //stops renting cars below 0
                        }
                    }

                    //echos the table & titles
                    echo "<table cellspacing=3 border=1 style='font-size:13px;background-color:white;'>
                        <tr style='background-color:#38C0CC;'>
                        <td>ID</td>
                        <td>Make</td>
                        <td>Model</td>
                        <td>Fuel Type</td>
                        <td>Transmission</td>
                        <td>Engine Size</td>
                        <td>Doors</td>
                        <td>Amount</td>
                        <td>Available</td>
                        <td>Date Added</td>
                        <td></td>
                        <td>Rent</td>
                        </tr>";


                    //while loop to display data from the database into a form
                    while($row = mysql_fetch_array($result))
                    {
                        echo "<form action=rent_car.php method=post>";
                        echo "<tr>";
                        echo "<td>"."<input type=text name=id value=".$row['ID'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=carmake value=".$row['CARMAKE'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=carmodel value=".$row['CARMODEL'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=fueltype value=".$row['FUELTYPE'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=transmission value=".$row['TRANSMISSION'].">" . " </td>";//value = database value
                        echo "<td>"."<input type=text name=enginesize value=".$row['ENGINESIZE'].">" . " </td>";//value = database value
                        echo "<td>"."<input type=text name=doors value=".$row['DOORS'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=amount value=".$row['AMOUNT'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=available value=".$row['AVAILABLE'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=dateadded value=".$row['DATEADDED'].">"." </td>";//value = database value
                        echo "<td>"."<input type=hidden name=hidden value=".$row['ID'].">"." </td>";//hidden value
                        //hidden value helps target the ID value when it is not available
                        echo "<td>"."<input type=submit name=submit value=Rent>"." </td>";//submit
                        echo "</tr>";
                        echo "</form>";
                    }
                    //close while loop
                    echo "</table>";
                    //close table
                ?>
                <div id="errorbox">
                    <?php echo $error; ?>
                    <!--echos the error-->
                    <!--no more cars available-->
                </div>

                <div id="successbox">
                    <?php echo $success; ?>
                    <!--echos the success-->
                    <!--car has been rented-->
                </div>
            </div>

            <br style="clear:both;" />
            <!--clears the float-->
            <div id="footer">
                XYZ Car Rental™
            </div>
        </div>
    </body>
</html>

I know the code is a bit of a headache; any help would be great!

4

1 Answer

1

There are a lot of problems here.

First, you are using mysql_* when you should be using PDO or MySQLi. See here

Second,

echo "<form action=rent_car.php method=post>";

should be:

echo "<form action='rent_car.php' method='POST'>";

Third, you are using constants instead of strings:

if ($username!==Administrator){

should be

if ($username!=='Administrator'){

Fourth, you are vulnerable to SQLi attacks:

mysql_query ("UPDATE cars SET available=available-1 WHERE id='$_POST[hidden]'");
mysql_query("INSERT INTO rentedcars(REAL_ID,ID,CARMAKE,CARMODEL,FUELTYPE,TRANSMISSION,ENGINESIZE,DOORS,DATEADDED,USERNAME) SELECT '',id,carmake,carmodel,fueltype,transmission,enginesize,doors,dateadded,'$username' FROM cars WHERE id='$_POST[hidden]'");

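You are also missing quotes in more places.

The reason you have to refresh the page again to see the updated content is that you are fetching the data before you update it. Do it the other way around. Update the data first, then fetch:

So take this: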

$result = mysql_query ($query, $link);//result = query

and put it below your if that checks whether anything has been posted:

 if (isset($_POST['submit'])){//if submit is pressed, execute

Do the select query below that IF. That should solve the current problem. However, please don't ignore all the others.

Answered 2013-01-02T18:25:57.680
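
The fixes listed in the answer above, combined into one runnable sketch. This is an added example, not code from the original question or answer: PDO prepared statements replace the interpolated mysql_* queries, and the select runs after the update. Assumptions: an in-memory SQLite database with a reduced, constructed set of columns stands in for the MySQL `cardatabase`, `rentCar()` and the user `alice` are hypothetical names, and PHP 7.4+ with pdo_sqlite is available.

```php
<?php
// Constructed in-memory SQLite tables stand in for the page's MySQL `cardatabase` (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cars (id INTEGER PRIMARY KEY, carmake TEXT, carmodel TEXT, available INTEGER)');
$pdo->exec('CREATE TABLE rentedcars (real_id INTEGER PRIMARY KEY AUTOINCREMENT,
    id INTEGER, carmake TEXT, carmodel TEXT, username TEXT)');
$pdo->exec("INSERT INTO cars VALUES (1, 'Ford', 'Focus', 1), (2, 'Audi', 'A3', 0)");

// rentCar() is a hypothetical helper, not a function from the original post.
function rentCar(PDO $pdo, string $postedId, string $username): bool
{
    // Accept only an integer id; anything else is rejected before any query runs.
    $id = filter_var($postedId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }
    $pdo->beginTransaction();
    // The database decides availability; the client-supplied "available" field is ignored.
    $upd = $pdo->prepare('UPDATE cars SET available = available - 1 WHERE id = :id AND available > 0');
    $upd->execute([':id' => $id]);
    if ($upd->rowCount() !== 1) {
        $pdo->rollBack();
        return false;
    }
    // Bound parameters keep the id and the username out of the SQL text.
    $ins = $pdo->prepare('INSERT INTO rentedcars (id, carmake, carmodel, username)
        SELECT id, carmake, carmodel, :user FROM cars WHERE id = :id');
    $ins->execute([':user' => $username, ':id' => $id]);
    $pdo->commit();
    return true;
}

// Constructed form posts: a rentable car, a sold-out car, and an id that is not an integer.
foreach (['1', '2', "1' OR '1'='1"] as $postedId) {
    $message = rentCar($pdo, $postedId, 'alice') ? 'Car Rented.' : 'Not rented.';
    echo htmlspecialchars($postedId, ENT_QUOTES, 'UTF-8'), ' => ', $message, PHP_EOL;
}

// Select AFTER the update so the table shows the new counts without a refresh,
// and escape every value before it is written into HTML.
$rows = $pdo->query('SELECT id, carmake, carmodel, available FROM cars')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    $cells = array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $row);
    echo '<tr><td>', implode('</td><td>', $cells), '</td></tr>', PHP_EOL;
}
```

Against the MySQL database from the question, only the PDO DSN and credentials change; the prepared statements stay the same.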