0

我有一个 PHP 页面,代码的各个部分包含 2 个 MySQL 语句。我正在使用生成的结果集来设置 cookie 值,然后再调用它。然而,当我调用 cookie 数据时,它不会更新 cookie 值的显示,直到第二次刷新之后。为了更好地理解,这是代码的 3 部分:

<?php
include 'functions.php';
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $SqlStatement = "SELECT Deceased.PK_Deceased, Deceased.Date_Death, Personal_Info.First_Name, Personal_Info.Last_Name FROM Deceased INNER JOIN Personal_Info ON Personal_Info.PK_Personal_Info = Deceased.FK_Personal_Info WHERE Deceased.FK_Personal_Info = '".$_POST['cboDeceased']."'";

    $result = ExecuteSql($SqlStatement);
    if(mysqli_num_rows($result) == 1)
    {
        $row = mysqli_fetch_array($result);
        setcookie('deceasedID', $row['PK_Deceased'], time()+360000, '/');
        setcookie('deceasedName', ($row['First_Name']." ".$row['Last_Name']), time()+360000, '/');
        setcookie('deceasedDoD', $row['Date_Death'], time()+360000, '/');
    }
}
?>

这是从回发中提取数据的代码。我认为这是不正确的部分,但我不确定。

<tr>
<td width="25%" rowspan="2" align="center">Current User: <?php echo $_COOKIE['username']; ?> </td>
<td width="25%" rowspan="2" align="center">Current Deceased: <?php if(isset($_COOKIE['deceasedName']))echo $_COOKIE['deceasedName']; ?></td>
<td width="50%" rowspan="2" align="center">Deceased Date of Death: <?php if(isset($_COOKIE['deceasedDoD']))echo $_COOKIE['deceasedDoD']; ?></td>

这是将 cookie 数据加载到字段中的代码,以及需要第二次刷新才能正确显示的部分。

<form action="<?php $_SERVER['PHP_SELF'];?>" method="post">
<table align="center" width="500" border="0.5">
<tr>
<td width="176" align="right" style="font-weight:bold;">Please select deceased:</td>
<td width="214">
  <select name="cboDeceased" id="cboDeceased">
    <option>Select...</option>
    <?php
    $SqlStatement = "SELECT Deceased.PK_Deceased , Personal_Info.First_Name, Personal_Info.Last_Name FROM Deceased INNER JOIN Personal_Info ON Personal_Info.PK_Personal_Info = Deceased.FK_Personal_Info";

    $res = ExecuteSQL($SqlStatement);

    while($row = mysqli_fetch_array($res))
    {
        echo "<option value='".$row['PK_Deceased']."'>".$row['First_Name']." ".$row['Last_Name']."</option>";
    }
?>

这是将基于 ID 的变量传递给第一个代码块的代码。这部分工作正常。

function ExecuteSQL($SQL)
{
$con = mysqli_connect("localhost", "root", "", "exec_support_db");
$res = mysqli_query($con, $SQL);
mysqli_close($con);
return $res;
}

这是 ExecuteSQL 函数的代码。我知道这不是问题。

我认为问题出在第一个代码块的上方,但我不确定。我已经尽我所能,现在没有想法。任何帮助,将不胜感激。

4

1 回答 1

0

除了 DaveRandom 上面提到的 SQL 注入之外,请查看有关 setcookie 工作原理的 php 手册:

http://php.net/manual/en/function.setcookie.php

它特别提到信息被注入到标题中,因此在您的下一页加载之前不可用。你可能想做类似的事情

if(isset($_COOKIE['deceasedID']))
{
    $deceasedID = $_COOKIE['deceasedID'];
}
else
{
    setcookie('deceasedID', $row['PK_Deceased'], time()+360000, '/');
    $deceasedId = $row['PK_Deceased'];
}
于 2013-03-08T23:25:30.720 回答