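The variable $CMTID changes unexpectedly. Before submission, the code reads the variable as GET. However, when the ADD query runs, it treats $CMTID as the $session ID. I don't know why this change happens. Any help would be greatly appreciated. The code is below: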
<?php
// Start the session
require_once('startsession.php');
// Insert Page Header
$page_title = 'Comment Entry';
require_once('header.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['email']))
{
    echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
    exit();
}
// Insert navmenu
require_once('navmenu.php');
// Connect to the database using vary.php
require_once('vary.php');
require_once('appvars.php');
require_once('connectvars.php');
?>
<?php
// Define Profile record to display
if ($_SESSION['ADMIN'] == 'Y')
{
    if (!EMPTY($_GET['ID']))
    {
        $CMTID = $_GET['ID'];
    }
    else
    {
        $CMTID = $_SESSION['IDNUM'];
    }
}
Else
{
    $CMTID = $_SESSION['IDNUM'];
}
// test comment ID
echo 'CMT ID @ START' . $CMTID;
if (isset($_POST['cancel']))
{
    echo "<script type='text/javascript'>";
    echo "window.close();";
    echo "</script>";
}
else
{
    if (isset($_POST['submit']))
    {
        $errormessage = "";
        // Grab the profile data from the POST and validate
        $COMMENT = mysqli_real_escape_string($dbc, trim($_POST['comment']));
        if(empty($COMMENT))
        {
            $errormessage .= "<li>You must enter a comment.</li>";
        }
        else
        {
            $TYPE = 'ADD';
            // ADD Author Name Search Here
            $queryauthor = "SELECT FNAME, LNAME FROM APP
                WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "'";
            $data = mysqli_query($dbc, $queryauthor);
            while ($row = mysqli_fetch_assoc($data))
            {
                $FNAME = $row['FNAME'];
                $LNAME = $row['LNAME'];
                $AUTHOR = $FNAME . SUBSTR($LNAME, 0, 1);
            }
            // Insert New data to profile
            // Verify all fields completed, if so add record
            if (empty($errormessage))
            {
                $queryadd = "INSERT INTO COMMENTS (ID_NUM, AUTHOR, COMMENT, TYPE) VALUES ('$CMTID','$AUTHOR', '$COMMENT', '$TYPE')";
                mysqli_query($dbc, $queryadd);
                echo $queryadd;
                // Close window
                // echo "<script type='text/javascript'>";
                // echo "window.close();";
                // echo "</script>";
            }
            mysqli_close($dbc);
            exit();
        }
    }
}
// End of check for form submission
if(!empty($errormessage))
{
    echo('<font color="red"><p>There was an error with your entry:</p>');
    echo("<ul>" . $errormessage . "</ul>\n</font>");
}
// ADD Destination Profile Name Search Here
$queryprofile = "SELECT FNAME, LNAME FROM APP
    WHERE ID_NUM = $CMTID";
$data = mysqli_query($dbc, $queryprofile);
while ($row = mysqli_fetch_assoc($data))
{
    $FNAME = $row['FNAME'];
    $LNAME = $row['LNAME'];
}
?>
<form enctype="multipart/form-data" method="post" name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend><b>Add Comments -
<?php
echo $FNAME . " " . $LNAME . $CMTID;
?>
</b></legend>
<?php
echo '<table>';
?>
<td><textarea id="comment" name="comment" rows="10" cols="80" maxlength="500">
<?php
if(isset($_POST['comment']))
{
echo htmlentities($_POST['comment']);
}
else
{
echo "";
}
?>
</textarea></tr>
<?php
echo '</table>';
?>
<font color="red">* - Required field</font>
</fieldset>
<input type="submit" value="Save" name="submit" />
<input type="submit" value="Cancel" name="cancel" />
</form>
<script type="text/javascript" language="JavaScript">
document.forms['form'].elements['comment'].focus();
</script>
<?php
// Insert Page Footer
require_once('footer.php');
?>
Thanks for any help you can provide. Thank you!
Here is the source output of the current page:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AVANT Portal - Comment Entry</title><link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<img src="http://www.avant.jobs/portal/images/Avant_Logo_Small.gif" alt="AVANT Logo" align="top" style="float:right"><h3>AVANT Portal - Comment Entry</h3><hr /><a href="index.php">Home</a> ▶ <a href="adminmenu.php">Admin Menu</a> ▶ <a href="profilemenu.php">Edit Profile</a> ▶ <a href="viewprofile.php">View Profile</a> ▶ <a href="chgpwd.php">Change Password</a> ▶ <a href="logout.php">Log Out (kgriffin@avant.jobs)</a><hr />
CMT ID @ START50
<form enctype="multipart/form-data" method="post" name="form" action="/portal/addcomment.php">
<fieldset>
<legend><b>Add Comments -
Mimi Johnson50</b></legend>
<table><td><textarea id="comment" name="comment" rows="10" cols="80" maxlength="500">
</textarea></tr>
</table><font color="red">* - Required field</font>
</fieldset>
<input type="submit" value="Save" name="submit" />
<input type="submit" value="Cancel" name="cancel" />
</form>
<script type="text/javascript" language="JavaScript">
document.forms['form'].elements['comment'].focus();
</script>
<hr />
<p class="footer">Copyright ©2013 AVANT Group, LLC</p>
</body>
</html>
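
An added example, not the poster's code. The rendered form above posts to /portal/addcomment.php with no ?ID= in its action, so on submit $_GET['ID'] is empty and the script falls back to $_SESSION['IDNUM']. The sketch carries the ID through the POST, validates it as an integer and binds it in a parameterized INSERT. The function names, the hidden field target_id, the sample session value 7 and an integer ID_NUM column are assumptions.

```php
<?php
// Added example, not the poster's code. Function names, the hidden field
// "target_id" and the sample session values are assumptions for illustration.

// Pick the profile the comment belongs to. The ID arrives as ?ID= on the first
// GET and as the hidden field on the POST, since the form action has no query string.
function resolve_comment_target(array $session, array $get, array $post): int
{
    $own = (int) $session['IDNUM'];
    if (($session['ADMIN'] ?? 'N') !== 'Y') {
        return $own; // only admins may comment on another profile
    }
    $raw = $post['target_id'] ?? $get['ID'] ?? '';
    // Accept positive integers only, so the value is safe to echo and to bind.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? $own : $id;
}

// Hidden field that carries the validated ID into the POST request.
function hidden_target_field(int $id): string
{
    return '<input type="hidden" name="target_id" value="' . $id . '" />';
}

// Parameterized INSERT instead of string interpolation (assumes ID_NUM is an integer column).
function add_comment(mysqli $dbc, int $targetId, string $author, string $comment): bool
{
    $stmt = mysqli_prepare($dbc,
        "INSERT INTO COMMENTS (ID_NUM, AUTHOR, COMMENT, TYPE) VALUES (?, ?, ?, 'ADD')");
    mysqli_stmt_bind_param($stmt, 'iss', $targetId, $author, $comment);
    return mysqli_stmt_execute($stmt);
}

// Constructed requests: an admin (IDNUM 7, made up) opens addcomment.php?ID=50, then saves.
$session = ['IDNUM' => '7', 'ADMIN' => 'Y'];
$cases = [
    'GET ?ID=50'             => [['ID' => '50'], []],
    'POST without the ID'    => [[], ['comment' => 'hi', 'submit' => 'Save']],
    'POST with hidden field' => [[], ['comment' => 'hi', 'target_id' => '50']],
    'POST with non-numeric'  => [[], ['comment' => 'hi', 'target_id' => '50abc']],
];
foreach ($cases as $label => [$get, $post]) {
    printf("%-24s -> %d\n", $label, resolve_comment_target($session, $get, $post));
}
echo hidden_target_field(resolve_comment_target($session, ['ID' => '50'], [])), "\n";
```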