这是我在页面 purchase_form1 上的 php 代码
<?php
include_once("includes/form_functions.php");
$id = 0;
if (isset($_GET['id']) && ($_GET['id'] != ''))
{
$id = (int)htmlspecialchars($_GET['id']);
}
$query = "SELECT * from db_purchase_form where id = $id";
$result = mysql_query($query);
$has_data = false;
while($row = mysql_fetch_row($result))
{
$has_data = true;
$product_name = $row[1];
$choice_actor = $row[2];
$user_name = $row[3];
$user_email = $row[4];
$vdo_script = $row[5];
$hrt_msg = $row[6];
$portApproval = $row[7];
$delivery = $row[8];
$net_price = $row[9];
}
if(isset($_POST['submit']))
{
if ($has_data == true)
{
$sql = "UPDATE db_purchase_form SET ";
$sql .= "db_product_name = '" . $product_name . "', ";
$sql .= "db_actor = '" . $choice_actor . "', ";
$sql .= "db_user_name = '" . $user_name . "', ";
$sql .= "db_user_email = '" . $user_email . "', ";
$sql .= "db_vdo_script = '" . $vdo_script . "', ";
$sql .= "db_hrt_msg = '" . $hrt_msg . "', ";
$sql .= "db_port_approval = '" . $portApproval . "', ";
$sql .= "db_delivery = '" . $delivery . "', ";
$sql .= "db_price = '" . $net_price . "', ";
$sql .= "db_date_time = NOW() ";
$sql .= "WHERE id = '{$id}'";
}
else
{ // validation for form purchaseform and insert into DB if all is good.
if(empty($message)) // $,message i used for errors. This line means if all validations above are okay
{
$insert = // INSERT INTO MYSQL DB
$result = mysql_query($insert);
if($result)
{
$lastInsertedId = mysql_insert_id();
$timestamp = time();
header('Location:purchase_form1_conf.php?'.http_build_query(array('id' => $lastInsertedId,'time' => $timestamp,'hash' => sha1('some-generated-key'.$timestamp.$lastInsertedId))));
}
else
{
$message = "The data cannot be inserted.";
$message .= "<br />" . mysql_error();
}
}
页面下方是表单的 HTML 代码
<?php //here i display errors
if(!empty($message))
{
echo "<p style='color:red; font-weight:bold;'>" . $message . "</p>";
}
?>
<form id="PurchaseForm" name="PurchaseForm" method="post" action="purchase_form1.php?id=<?php echo $id;?>"> //this is starting of form.
// actual html form, set for fields using php, the form is very long
<input type="submit" name="submit" value="Buy Now" class="button3">
</form>
现在我将数据发送到 purchase_form1_conf.php。purchase_form1_conf.php 是显示页面,它显示表单数据,如果用户单击编辑按钮,他将返回 purchase_form1.php。
purchase_form1_conf.php 的 PHP 代码
<?php require_once("includes/connection.php"); ?>
<?php
$id = isset($_GET['id']) ? $_GET['id'] : null;
$time = $_GET['time'];
if($_GET['hash'] != sha1('some-generated-key'.$time.$id))
die('URL was tampered with');
//if(time() - $time > 300)
//die('URL was only valid for 5 minutes');
//}
//if (isset($_GET['id']))
//{
//$lastInsertedId = $_GET['id'];
//}
//$id = $_SESSION['last_id'];
//$query = "SELECT * FROM db_purchase_form WHERE id=$lastInsertedId";
//$result = mysql_query($query);
//while($row = mysql_fetch_row($result))
if ($id)
{
$query = "SELECT * FROM db_purchase_form WHERE id=$id";
$result = mysql_query($query);
while($row = mysql_fetch_row($result))
{
$product_name = $row[1];
$choice_actor = $row[2];
$user_name = $row[3];
$user_email = $row[4];
$vdo_script = $row[5];
$hrt_msg = $row[6];
$portApproval = $row[7];
$delivery = $row[8];
$net_price = $row[9];
}
}
?>
// 现在在这里我将我从 DB 中获取的值显示为 $row[1], 2 等等,这个页面上有两个按钮,一个是编辑按钮,另一个是贝宝,但它不是表格,它是只是一个显示从 DB 中提取的值的 DIV,
编辑按钮的代码是
<a href="purchase_form1.php?id=<?php echo $id; ?>" class="button4">Edit</a>
它需要用户购买_form1.php。
现在问题是什么?
当用户在 purchase_form1.php 页面上时,他会看到一个新的表单。这次的url是, http://site.com/purchase_form1.php
他填写来自,点击提交,如果错误,他会显示错误消息,他删除错误并再次点击提交,然后他被带到下一个页面,即purchase_form1_conf.php。
下一页的网址是
一切似乎都很好。
现在,当他看到表单并且想要更改值时,他点击编辑,然后他被带到表单页面的较早页面,并且 url 是 http://site.com/purchase_form1.php?id=54
在两个页面中查看 id =54。到这里为止,一切似乎都很完美。
现在实际问题是,当他在此页面 purchase_form1.php 上编辑表单并单击提交时,URL 既没有更改,也没有更新 DB,没有任何反应。
相反会发生什么?数据库将被更新,用户将再次被带到下一页,新数据。但事实并非如此。