1

我忘记了如何正确地做到这一点。我基本上希望一个 PHP 页面将数据发送到数据库(submitscore.php),另一个从数据库中获取它们并将它们显示在一个表中(showscore.php):

提交分数.php:

if(isset($_POST['score']) && isset($_POST['playername']))
{
    $scorefromflash = mysql_real_escape_string($_POST['score']);
    $namefromflash = mysql_real_escape_string($_POST['playername']);


    $con = mysql_connect("servername","username","password");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("testdb", $con);

    $sql = "INSERT INTO test (Name, Score) VALUES ('$namefromflash', '$scorefromflash')";

    header("./showscore.php");

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }

    mysql_close($con); 
}
?>

显示分数.php

<?php

$con = mysql_connect("server","username","password");
if (!$con)
{
  die('Could not connect: ' . mysql_error());
}

mysql_select_db("testdb", $con);

echo ("Name: ".$namefromflash);
echo ("Score: ".$scorefromflash);

$result = mysql_query("SELECT * FROM test ORDER BY Score DESC");

echo "<table border='1'>
<tr>
<th>Name</th>
<th>Score</th>
</tr>";

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['Name'] . "</td>";
  echo "<td>" . $row['Score'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

if (!mysql_query($sql,$con))
{
  die('Error: ' . mysql_error());
}

mysql_close($con); 

?>

我问是因为这样做会产生错误Notice: Undefined index: scoreNotice: Undefined index: playername出现在submitscore.php页面上。

它没有向数据库中插入任何记录,也没有显示表格。

谢谢。

4

4 回答 4

2

codes很容易受到sql injection你应该mysql_real_escape_string在将值插入数据库之前使用函数..

你不需要

$scorefromflash = $_POST['score'];
$namefromflash = $_POST['playername'];

在显示分数页面...

于 2013-05-26T12:18:36.117 回答
1

这是对我有用的代码:

提交分数.php:

<?php
if(isset($_REQUEST['score']) && isset($_REQUEST['playername']))
{
    $con = mysql_connect("host","user","password");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("database", $con);    
    $scorefromflash = mysql_real_escape_string($_REQUEST['score']);
    $namefromflash = mysql_real_escape_string($_REQUEST['playername']);

    $sql = "INSERT INTO test (Name, Score)
           VALUES ('$namefromflash', '$scorefromflash')";

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }

    mysql_close($con);

    header("Location: showscore.php");
}
?>

显示分数.php

<?php
$con = mysql_connect("host","user","password");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("database", $con);

$result = mysql_query("SELECT * FROM test ORDER BY Score DESC");
if (!$result)
{
    die('Error: ' . mysql_error());
}

echo "<table border='1'>
<tr>
<th>Name</th>
<th>Score</th>
</tr>";

while($row = mysql_fetch_array($result))
{
    echo "<tr>";
    echo "<td>" . $row['Name'] . "</td>";
    echo "<td>" . $row['Score'] . "</td>";
    echo "</tr>";
}
echo "</table>";

mysql_close($con);
?>

插入数据后,它会将您重定向到页面,其中显示了包含所有数据的表格。更改数据库凭据。这是我用于测试的 GET 请求:

http://domain/submitscore.php?score=1&playername=2
于 2013-05-26T12:20:53.460 回答
0

我认为您正在尝试设置标题以将页面重新加载回showscore.php$_POST['score'] and $_POST['playername']

在 submitscore.php 中试试这个:

header("location: ./showscore.php?player=$namefromflash&score=$scorefromflash");

在showscore.php里面使用:

$scorefromflash = $_REQUEST['score'];
$namefromflash = $_REQUEST['playername'];
于 2013-05-26T12:21:05.323 回答
0

首先:您的代码没有保存。使用类似的东西mysql_escape_string

这并不是真正的错误。这是(就像它说的)一个通知。您不使用该isset函数来检查变量是否已设置。这个变量有可能没有值,因为之前的页面没有发送它。

如果你使用而不是

$scorefromflash = $_POST['score'];

用这个:

$scorefromflash = isset($_POST['score'])?$_POST['score']:null

那么这个通知就会消失。也适用于其他$_POST

于 2013-05-26T12:23:01.783 回答