0

我有一个广告网站项目,用户可以在其中添加不同旅游相关业务的报价。我为每个报价创建了动态生成的页面,我想在其中添加一个评论框,访问者可以在其中发表他们的意见。该页面按原样生成,链接为 ads.php?id=2,其中 id 是该商品的 id。当我单击评论的提交按钮时,页面链接更改为advertisement.php?advertisement_comment=&place_comment=Place+comment,其中advertisement_comment 是评论框的名称,place_comment 是提交按钮的名称。因此,我在第 3 行收到通知:未定义索引:C:\xampp\htdocs\Project\advertisement.php 中的 id。我的 id 变量等于 $_GET['id'] 但由于页面 url 发生变化,它不能再得到它。有什么办法可以防止链接改变?如果不是,也许您可​​以想到一个不同的数据库结构和 php 代码,我可以用它们来到达我想要的地方,因为我有点卡住了。如果我需要在降级之前以任何方式编辑我的问题,请告诉我。非常感谢!

生成页面的代码:

<?php
    session_start();
    $id = $_GET['id']; 
    require_once("includes/db_connect.php");


    $query_dynamic_advertisement = "SELECT * FROM advertisings WHERE id = '$id'";
    $result_dynamic_advertisement = mysql_query($query_dynamic_advertisement) or die (mysql_error());
    $fetch_dynamic_advertisement = mysql_fetch_assoc($result_dynamic_advertisement);

    // Hit counter
    $query_advertising_views="UPDATE advertisings SET advertising_views = advertising_views + 1 WHERE id = '$id'";
    $result_advertising_views=mysql_query($query_advertising_views) or die (mysql_error());

    // Comments
    if (isset($_POST['place_comment']))
    {
        $comment = mysql_real_escape_string($_POST[advertisement_comment]);
        $advertising_id = $_SESSION['id'];
        $query_place_comment = "INSERT INTO advertising_comments VALUES ('', '$comment', '$advertising_id')";
        mysql_query($query_place_comment) or die (mysql_error());       
    }
?>
<!DOCTYPE html>
<html>
    <head>
        <link rel="stylesheet" type="text/css" href="css/style.css">
        <title>Title</title>
    </head>
    <body>
        <div id="wrapper">
            </br>
            <a href="index.php"><h3>Home</h3></a>
            <a href="index.php"><img src="images/logo.png" alt="SporeDEV logo" id="logo"></a>
            </br>
            <!-- Meniu -->
            <ul>
                <li><a href="signup.php">Signup</a></li>
                <li><a href="login.php">Login</a></li>
                <li><a href="forgot_password.php">Forgot Password</a></li>
                <li><a href="includes/logout.php">Logout</a></li>
                <li><a href="advertising_panel.php">Advertising Panel</a></li>
                <li><a href="user_panel.php">User Panel</a></li>
                <li><a href="user_profile.php">User Profile</a></li>
                <li><a href="admin_panel.php">Admin Panel</a></li>
            </ul>
            <!-- Sfarsit de meniu -->
            </br>
            <?php
                echo "<p> General information </p>";
                echo "</br>";
                echo "Location name: {$fetch_dynamic_advertisement['location_name']}";
                echo "</br>";
                echo "Location type: {$fetch_dynamic_advertisement['location_type']}";
                echo "</br>";
                echo "</br>";
                echo "</br>";
                echo "<p> Address </p>";
                echo "</br>";
                echo "Region: {$fetch_dynamic_advertisement['region']}";
                echo "</br>";
                echo "Settlement: {$fetch_dynamic_advertisement['settlement']}";
                echo "</br>";
                echo "Street: {$fetch_dynamic_advertisement['street']}";
                echo "</br>";
                echo "Street number: {$fetch_dynamic_advertisement['street_number']}";
                echo "</br>";
                echo "</br>";
                echo "</br>";
                echo "<p> Contact information </p>";
                echo "</br>";
                echo "E-mail: {$fetch_dynamic_advertisement['email']}";
                echo "</br>";
                echo "Phone: {$fetch_dynamic_advertisement['phone']}";
                echo "</br>";
                echo "Website: <a href={$fetch_dynamic_advertisement['website']} target=_blank>{$fetch_dynamic_advertisement['website']}</a>";
                echo "</br>";
                echo "</br>";
                echo "</br>";
                echo "<p> Statistics </p>";
                echo "</br>";
                echo "Added: {$fetch_dynamic_advertisement['add_date']}";
                echo "</br>";
                echo "Modified: {$fetch_dynamic_advertisement['last_modified']}";
                echo "</br>";
                echo "Advertising views: {$fetch_dynamic_advertisement['advertising_views']}";
                echo "</br>";
                echo "</br>";
                echo "</br>";
                echo "<p> Description </p>";
                echo "</br>";
                echo "Description: {$fetch_dynamic_advertisement['description']}";
                echo "</br>";
                echo "</br>";
                echo "</br>";
                echo "<p> Comments </p>";
                echo "</br>";
            ?>  
                <!-- Comment form -->
                <p> Add a comment </p>
                </br>
                <form action = "advertisement.php?id=<?php echo $id;?>" method = "$_POST">
                    <textarea name="advertisement_comment"></textarea>
                    </br>
                    <input type="submit" name="place_comment" class="button_1" value="Place comment">
                </form>

        </div>
    </body>
</html>

表advertising_comments的结构为:id(int 11, autoincrement),comment (varchar 255),advertising_id(int 11,这个应该和初始页面的id一样)。

我知道 MySQL 已经贬值了。如果你有时间,请检查这个问题:最简单的 MySQL 到 MySQLi 的转换

4

1 回答 1

2

您的 URL 在表单提交后发生更改,因为它默认为 GET 方法。这是由于您的表单元素中的拼写错误。

更改此行:

<form action = "advertisement.php?id=<?php echo $id;?>" method = "$_POST">

至:

<form action="advertisement.php?id=<?php echo $id;?>" method="post">

这将允许您使用 POST 提交评论表单。

额外注意,您应该清理所有用户输入,包括页面 ID,以防止 SQL 注入攻击。这是不安全的:

$id = $_GET['id'];
于 2013-09-16T13:23:41.867 回答