
I am trying to build a page where a user enters a comment and it is displayed on the same page. The problem I have is that every time you visit the page there are no comments on it (when there actually are comments). This is my scenario:

  1. I go to the page, there are no comments, I enter the comment "hello" and it is shown immediately.
  2. I go to another page, then I come back to the comments page and there are no comments. (The comment "hello" should already be displayed.)
  3. I enter the comment "hi", and both comments "hello" and "hi" are shown.

I can't solve this problem.

This is my code, it is long:

    <?php
    session_start(); //starts or continues the session
    require_once('functions.php'); //needed for some function calls
    error_reporting(E_ALL ^ E_NOTICE);
    ?>

    <!DOCTYPE html>
    <html lang = "en">

    <head>
    <script type = "text/javascript" src = "functions.js"></script>
    <link href="style.css" rel="stylesheet" type="text/css">
    </head>

    <body>

    <?php
    GetUserLayout($_SESSION['userId'], $_SESSION['superUser']);
    ?>

    <div id = "shareyouridea_form" class = "post">
      <h1> Share your post</h1>
      <!-- used for the form -->
      <form id = "idea_form" method = "post"
            action = "<?php echo $PHP_SELF;?>"
            onkeypress = "return DisableEnterKey(event);">
        <table>
          <caption>
            <strong>
              <br /> Share post form:
            </strong>
          </caption>
          <tr class = "spacearound"> <!-- input for bright idea -->
            <td> &emsp;Post: </td>
            <td>
              <textarea form = "idea_form" name = "b_idea" rows = "12"
                        cols = "85" title = "Please describe your product idea"
                        id = "bright_idea" maxlength = "1000"
                        onkeypress =
                        "return InputLimiter(event, 'lettersSpacePunctuation');">
              </textarea>
            </td>
          </tr>
        </table>

        <p>
          &emsp;&emsp;&emsp;&nbsp;
          <input type = "reset" value = "Reset" />
          &emsp;&emsp;
          <input type = "submit" value = "Share Idea!"
                 title = "complete form first to submit"
                 id = "submit_button"
                 name = "add_comment"
                 onmousedown = "IsIdeaFormCompleted();" />
        </p>
      </form> <!-- end idea_form -->
    </div>
    </div> <!-- end of ShareYourIdea_middle -->
    <script>
      DisplayFooter();
    </script>

    <?php
    if(isset($_POST['add_comment'])){ // if add comment was pressed

      // get variables
      $name = $_SESSION['firstName'];
      $empId = $_SESSION['userId'];
      $idea = $_POST['b_idea'];

      // CONNECTING TO OUR DATABASE
      $db = mysqli_connect(dbHost, dbUser, dbPassword, dbName);

      if (mysqli_connect_errno()) { //if connection to the database failed
        echo("<p id = 'greatideadescription'>
              Connection to database failed: " .
              mysqli_connect_error($db) . "</p>");
        exit("goodbye");
      }  //by now we have connection to the database

      // WE WRITE OUR QUERY TO INSERT POST INFO TO DATABASE
      $query = "INSERT INTO posts(postId,empl_Id,post,postDate)
                VALUES('','$empId','$idea',NOW())";
      $result = mysqli_query($db, $query);
    }
    ?>

    <?php
    // WE DO A QUERY TO SHOW ALL COMMENTS IN THE PAGE
    $query = "SELECT firstName,lastName, post,
              date_format((date_add(postDate,interval -7 hour)),'%a, %M, %d, %Y at %I:%i%p' ) as mydatefield
              FROM users INNER JOIN posts ON userId = empl_Id
              ORDER BY postDate DESC";

    $result = mysqli_query($db,$query);
    if (!$result) { //if the query failed
      echo("<p id = 'greatideadescription'>
            Error, the query could not be executed: " .
            mysqli_error($db) . "</p>");
      mysqli_close($db);
    }

    if (mysqli_num_rows($result) == 0) { //if no rows returned
      echo("<div id = 'blogs'>
              <div id ='name'>
                No posts detected
              </div>
            </div>
            <div class='fb-like' data-href='http://jacobspayroll.zxq.net/index/blog.php' data-send='true' data-width='450' data-show-faces='true'></div>
      ");
      mysqli_close($db); //close the database
      exit("</table></div></form></div></div>
            <script>DisplayFooter();</script></body></html>");
    } //by now we know that we have some products purchases returned
    $numRows = mysqli_num_rows($result); //gets number of rows
    $numFields = mysqli_num_fields($result); //gets number of fields
    //prints the data in the table

    while($row = mysqli_fetch_assoc($result)){
      $posted = $row['post'];
      $message = wordwrap($posted,5);
      echo
        '<div id ="blogs">
          <table id = "blog_id">
            </br>
            <div id = "name">
              <strong>'.$row['firstName'] . '&nbsp;' .$row['lastName'].
              '</strong>
              &nbsp;: ' .$message .
              '<br/>
            </div>
            <div id ="date">'.
            $row['mydatefield'] . '
            </div>
            <div id ="delete_comment">
              Delete this comment
            </div>
            <p>
          </table>
        </div>';
    }
    mysqli_close($db);
    ?>
    </body>

    </html>

2 Answers


You are using PHP_SELF incorrectly.

    // You must use the server and execution environment information array `$_SERVER[]`
    $_SERVER['PHP_SELF'];

    // For your form action, like this
    action = "<?php echo $_SERVER['PHP_SELF'];?>"
Answered 2013-04-01T02:07:59.040

As Kyle mentioned, you got it wrong, but you probably want to use $_SERVER['SCRIPT_NAME'] rather than $_SERVER['PHP_SELF']; then, if you use them for your script, you may want to add some script to get the GET parameters. If you use PHP_SELF, you could have a user link like script.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E%3Cfoo which ends up looking like action="script.php/"><script>alert('xss')</script>, or possibly a redirect to collect cookies etc., in other words an XSS attack.

$_SERVER['PHP_SELF'] vs $_SERVER['SCRIPT_NAME'] vs $_SERVER['REQUEST_URI']

XSS issues

What is the difference between $_SERVER['PHP_SELF'] and $_SERVER['SCRIPT_NAME']?

Answered 2013-04-01T02:14:31.427
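Putting the two answers together, here is an added example of how the page could be restructured. It is not the asker's or either answerer's code. It assumes the table layout visible in the question (users: userId, firstName, lastName; posts: empl_Id, post, postDate, with postId assumed to be auto-increment) and the dbHost, dbUser, dbPassword and dbName constants from the question's functions.php. The action attribute is built from $_SERVER['SCRIPT_NAME'] and passed through htmlspecialchars(), so whatever path the client requested can never close the attribute; every database value is escaped at output time for the same reason. It also opens the database connection once, before both queries: in the question's page $db is only created inside the POST branch, so a plain GET runs the SELECT without a connection, and the INSERT here uses a bound parameter instead of interpolating $_POST into the SQL string.

```php
<?php
// Added example, not the code from the question or the answers.
// Assumes the question's table layout and the dbHost/dbUser/dbPassword/dbName
// constants from functions.php; postId is assumed to be auto-increment.
declare(strict_types=1);
session_start();

// HTML-escape a value for use inside an attribute or element body.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Form action: SCRIPT_NAME is the script's own path rather than the path the
// client typed, and escaping it means it cannot break out of the attribute.
function formAction(): string
{
    return e($_SERVER['SCRIPT_NAME']);
}

// Open the connection once, before the INSERT and the SELECT, so the SELECT
// also has a connection on a plain GET.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli(dbHost, dbUser, dbPassword, dbName);
$db->set_charset('utf8mb4');

// Insert the comment with bound parameters; nothing from $_POST is placed
// into the SQL string itself.
if (isset($_POST['add_comment'], $_POST['b_idea'], $_SESSION['userId'])) {
    $stmt = $db->prepare(
        'INSERT INTO posts (empl_Id, post, postDate) VALUES (?, ?, NOW())'
    );
    $stmt->bind_param('is', $_SESSION['userId'], $_POST['b_idea']);
    $stmt->execute();
    $stmt->close();
    // Redirect after POST so a browser refresh does not re-submit the form.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

// Read every post; values are escaped when printed, not here.
$rows = $db->query(
    'SELECT firstName, lastName, post, postDate
       FROM users INNER JOIN posts ON userId = empl_Id
      ORDER BY postDate DESC'
)->fetch_all(MYSQLI_ASSOC);
$db->close();
?>
<!DOCTYPE html>
<html lang="en">
<head><link href="style.css" rel="stylesheet" type="text/css"></head>
<body>
<form id="idea_form" method="post" action="<?= formAction() ?>">
  <textarea name="b_idea" rows="12" cols="85" maxlength="1000"></textarea>
  <input type="submit" name="add_comment" value="Share Idea!">
</form>

<?php if ($rows === []): ?>
  <div class="blog">No posts yet</div>
<?php endif; ?>
<?php foreach ($rows as $row): ?>
  <div class="blog">
    <strong><?= e($row['firstName']) ?> <?= e($row['lastName']) ?></strong>:
    <?= nl2br(e($row['post'])) ?>
    <div class="date"><?= e($row['postDate']) ?></div>
  </div>
<?php endforeach; ?>
</body>
</html>
```

The timezone adjustment and date formatting from the question's SELECT are left out to keep the example short; they can be added back to the query unchanged. mysqli_report() with MYSQLI_REPORT_STRICT turns connection and query failures into exceptions, which replaces the hand-written error branches in the original.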