
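The variable $CMTID changes unexpectedly. Before submission, the code reads the variable from GET. However, when the ADD query runs, it treats $CMTID as the $sessionID. I don't know why this change happens. Any help would be greatly appreciated. The code is as follows: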

<?php
// Start the session
require_once('startsession.php');

// Insert Page Header
$page_title = 'Comment Entry';
require_once('header.php');

// Make sure the user is logged in before going any further.
if (!isset($_SESSION['email'])) 
{
  echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
  exit();
}

// Insert navmenu
require_once('navmenu.php');

// Connect to the database using vary.php
require_once('vary.php');
require_once('appvars.php');
require_once('connectvars.php');

?>

<?php
// Define Profile record to display
if ($_SESSION['ADMIN'] == 'Y')
{
if (!EMPTY($_GET['ID']))
    {
    $CMTID = $_GET['ID'];
    }
else
    {
    $CMTID = $_SESSION['IDNUM'];
    }
}
Else
{
$CMTID = $_SESSION['IDNUM'];
}
// test comment ID
echo 'CMT ID @ START' . $CMTID;

if (isset($_POST['cancel'])) 
{
echo  "<script type='text/javascript'>";
echo "window.close();";
echo "</script>";
}
else
{
if (isset($_POST['submit'])) 
    {
    $errormessage = "";
    // Grab the profile data from the POST and validate
    $COMMENT = mysqli_real_escape_string($dbc, trim($_POST['comment']));
    if(empty($COMMENT))
        {
        $errormessage .= "<li>You must enter a comment.</li>";
        }
    else
        {

        $TYPE = 'ADD';
        // ADD Author Name Search Here
        $queryauthor = "SELECT FNAME, LNAME FROM APP
        WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "'";
        $data = mysqli_query($dbc, $queryauthor);
        while ($row = mysqli_fetch_assoc($data))
        {
          $FNAME = $row['FNAME'];
          $LNAME = $row['LNAME'];
          $AUTHOR = $FNAME . SUBSTR($LNAME, 0, 1);
        }
        // Insert New data to profile
        // Verify all fields completed, if so add record
        if (empty($errormessage))
            {
              $queryadd = "INSERT INTO COMMENTS (ID_NUM, AUTHOR, COMMENT, TYPE) VALUES ('$CMTID','$AUTHOR', '$COMMENT', '$TYPE')";
              mysqli_query($dbc, $queryadd);

              echo $queryadd;
              // Close window
              // echo  "<script type='text/javascript'>";
              // echo "window.close();";
              // echo "</script>";
            }
        mysqli_close($dbc);
        exit();
        }
    }
}
// End of check for form submission

if(!empty($errormessage))
{
  echo('<font color="red"><p>There was an error with your entry:</p>');
  echo("<ul>" . $errormessage . "</ul>\n</font>");
}

// ADD Destination Profile Name Search Here
$queryprofile = "SELECT FNAME, LNAME FROM APP
WHERE ID_NUM = $CMTID";
$data = mysqli_query($dbc, $queryprofile);
while ($row = mysqli_fetch_assoc($data))
{
  $FNAME = $row['FNAME'];
  $LNAME = $row['LNAME'];
}
?>
<form enctype="multipart/form-data" method="post" name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<fieldset>
<legend><b>Add Comments - 
<?php
echo $FNAME . " " . $LNAME . $CMTID;
?>
</b></legend>
<?php
echo '<table>';
?>
<td><textarea id="comment" name="comment" rows="10" cols="80" maxlength="500">
<?php 
if(isset($_POST['comment'])) 
{
  echo htmlentities($_POST['comment']);
}
else
{
  echo "";
}
?>
</textarea></tr>
<?php
echo '</table>';
?>
<font color="red">* - Required field</font>
</fieldset>
<input type="submit" value="Save" name="submit" />
<input type="submit" value="Cancel" name="cancel" />
</form>

<script type="text/javascript" language="JavaScript">
document.forms['form'].elements['comment'].focus();
</script>


<?php
// Insert Page Footer
require_once('footer.php');
?>

Thanks for any help you can provide. Thank you!

Here is the source output of the current page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AVANT Portal - Comment Entry</title><link rel="stylesheet" type="text/css"     href="style.css" />
</head>
<body>
<img src="http://www.avant.jobs/portal/images/Avant_Logo_Small.gif" alt="AVANT Logo" align="top" style="float:right"><h3>AVANT Portal - Comment Entry</h3><hr /><a href="index.php">Home</a> &#9654; <a href="adminmenu.php">Admin Menu</a> &#9654; <a href="profilemenu.php">Edit Profile</a> &#9654; <a href="viewprofile.php">View Profile</a> &#9654; <a href="chgpwd.php">Change Password</a> &#9654; <a href="logout.php">Log Out (kgriffin@avant.jobs)</a><hr />
CMT ID @ START50
<form enctype="multipart/form-data" method="post" name="form" action="/portal/addcomment.php">

<fieldset>
<legend><b>Add Comments - 
Mimi Johnson50</b></legend>
<table><td><textarea id="comment" name="comment" rows="10" cols="80" maxlength="500">
</textarea></tr>
</table><font color="red">* - Required field</font>
</fieldset>
<input type="submit" value="Save" name="submit" />
<input type="submit" value="Cancel" name="cancel" />
</form>

<script type="text/javascript" language="JavaScript">
document.forms['form'].elements['comment'].focus();
</script>


<hr />
<p class="footer">Copyright &copy;2013 AVANT Group, LLC</p>
</body>
</html>

1 Answer


This is probably because your form action does not pass the GET variable for the id. In your code, you have the following:

if (!EMPTY($_GET['ID']))
    {
    $CMTID = $_GET['ID'];
    }
else
    {
    $CMTID = $_SESSION['IDNUM'];
    }
}

It is specifically telling the variable to change. Is it the session ID you are seeing? Also, what does php self resolve to in the action attribute?

Edit - You added the output to your post. As you can see, there is no reference to $_GET['ID'] in the code, so you have to change the action attribute to:

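<?php
// PHP_SELF has no query string, so the first parameter starts with '?'.
// The ID is URL-encoded and the whole value HTML-escaped before it is echoed into the attribute.
echo htmlspecialchars($_SERVER['PHP_SELF'] . (isset($_GET['ID']) ? '?ID=' . urlencode($_GET['ID']) : ''), ENT_QUOTES, 'UTF-8');
?>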
Answered 2013-09-12T02:06:02.933
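
An added example, not code from the question or the answer: it keeps the target ID on the POST as the answer suggests, validates it as a positive integer, escapes the form action, and binds the INSERT values instead of concatenating them. The function names and the sample session values are assumptions; the table, columns and /portal/addcomment.php path come from the post.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical;
// table and column names are taken from the question.

// Decide which profile the comment belongs to. Only an admin may target
// another profile, and the ID must be a positive integer.
function resolve_comment_target(array $get, array $session): int
{
    $own = (int) $session['IDNUM'];
    if (($session['ADMIN'] ?? 'N') !== 'Y' || !isset($get['ID'])) {
        return $own;
    }
    $id = filter_var($get['ID'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? $own : $id;
}

// Form action that keeps ?ID= on the POST. PHP_SELF can contain
// client-supplied path info, so it is escaped before output.
function form_action(string $self, int $cmtId): string
{
    return htmlspecialchars($self . '?ID=' . $cmtId, ENT_QUOTES, 'UTF-8');
}

// Insert with bound parameters instead of building the SQL string.
function add_comment(mysqli $dbc, int $cmtId, string $author, string $comment): bool
{
    $type = 'ADD';
    $stmt = $dbc->prepare(
        'INSERT INTO COMMENTS (ID_NUM, AUTHOR, COMMENT, TYPE) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('isss', $cmtId, $author, $comment, $type);
    return $stmt->execute();
}

// Constructed sample requests (values are made up for the demo).
$session = ['IDNUM' => '4', 'ADMIN' => 'Y'];
$cases = [
    'first GET with ID'     => ['ID' => '50'],
    'POST that lost the ID' => [],
    'POST that kept the ID' => ['ID' => '50'],
    'non-numeric ID'        => ['ID' => '50abc'],
];
foreach ($cases as $label => $get) {
    $id = resolve_comment_target($get, $session);
    echo str_pad($label, 24), $id, '  ', form_action('/portal/addcomment.php', $id), "\n";
}
```

The second case reproduces the behaviour in the question: once the POST no longer carries ID, the comment is filed under the session user's IDNUM.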