1

我已经尝试解决这个问题两天了,但没有运气。我正在使用带有 Javascript 的 PHP,我正在尝试访问另一个页面上的 Javascript 变量。

这是我的 Javascript 代码,它只提醒用户 taskID 是什么......

<script>
function myFunction(taskID)
{
alert("Task #" + taskID);

}
</script>

这是我的PHP

//select all tasks for this report
            $tasks = mysqli_query($conn,"SELECT taskID, hoursSpent, workDone, plannedTasks FROM Tasks where reportID = $report_id AND projID = $proj_id");
            $task_count = 1;
            while($row1 = mysqli_fetch_array($tasks))
            {
                $taskID = $row1['taskID'];
                //display the task information
                echo "<strong id='tasks'>Task #" . $task_count . "</strong>";
                echo " - <a href = '#' onclick ='myFunction($taskID)'>Edit</a><br>";


                echo "Hours Spent: " . $row1['hoursSpent'] . "<br><br>"; 
                echo "Accomplished: <br>" . $row1['workDone'] . "<br><br>";
                echo "Planned for Next week: <br>" . $row1['plannedTasks'] . "<br>";
                echo "<br>";
                $task_count++;
            }

如何将该 taskID 传递到另一个页面,以便我可以编辑任务信息?

谢谢!

4

2 回答 2

2

Just change this:

echo " - <a href = '#' onclick ='myFunction($taskID)'>Edit</a><br>";

To

echo " - <a href = 'editTask.php?id=".$taskID."'>Edit</a><br>";

And you're there. Just make sure that, in the editTask.php file, you check the id:

$editID = (int) $_GET['id'];//<-- $editID will hold an int, that is the id of the record the user wanted to edit.

Quite apart from that: good to see you're using an up-to-date extension for mysql. Nevertheless, code like this:

mysqli_query($conn,"SELECT taskID, hoursSpent, workDone, plannedTasks FROM Tasks where reportID = $report_id AND projID = $proj_id");

Will leave you vulnerable for injection attacks. Please do look into prepared statements.

$tasks = mysqli_query($conn, 'SELECT taskID, hoursSpent, workDone, plannedTasks FROM Tasks WHERE reportID = ? AND projID = ?');
mysqli_stmt_bind_param($tasks, 'i', $reportID);//replace i with s if should be a string etc...

Once your building queries based on client side data (which you will be doing with this: using the url to get the id...), it's the easiest way to protect yourself against a very common threat.

check this link
This one
And of course, this one to understand what injection is

于 2013-04-16T17:17:06.993 回答
0

Like this

<script>
function myFunction(taskID) {
  location="nextpage.php?task="+taskID;
  return false;

}
</script>



echo " - <a href = '#' onclick ='return myFunction("'.$taskID.'")'>Edit</a>

Or simpler

echo " - <a href='nextpage.php?task='.$taskID.'">Edit</a>
于 2013-04-16T17:18:02.190 回答