通过用户未提供的PHP发布形式发送数据
[英]Sending data though PHP post form that isn't provided by the user
问题描述
I need to pass a variable though $_POST. 
我需要通过$ _POST传递变量。 This varaible will never be supplied by the user interacting with the form. 与用户交互的表单永远不会提供该变量。 Basically when you click a button it grabs a number from a database, I need to transfer this number from one page, to a form, and from that form to another page. 基本上,当您单击一个按钮时,它将从数据库中获取一个数字,我需要将此数字从一页转移到表单,然后从该表单转移到另一页。 Without the user seeing it or being able to edit it. 用户看不到它或无法对其进行编辑。 Later I need to be able to create an array with multiple numbers, right now I'm starting small with just the one. 后来我需要能够创建一个包含多个数字的数组,现在我从一个数字开始。 I'm sure it's simple. 我敢肯定这很简单。 I figured a cookie would work but when I start have to transfer multiple numbers and then access them, I believe I would run into problems. 我认为Cookie可以工作,但是当我开始必须转移多个数字然后访问它们时,我相信我会遇到问题。 Unless you can store an array within a cookie. 除非您可以在cookie中存储数组。
Perhaps imploding the the array of multiple numbers, say 比如说,也许会破坏多个数字的数组
$MyArray = array(1, 2, 3, 4);
$ArrayToString = implode(",",$MyArray);
setcookie("My_Numbers", $ArrayToString, TIMEHERE);
and then when I access them just do 然后当我访问它们时
$NewArray = explode(","$_COOKIE['My_Numbers']);
setcookie("My_Numbers", "", PASTTIME);
print_r($NewArray);
I just thought of this while I was writing this up. 我在撰写本文时就想到了这一点。 Hopefully there is a more secure, perhaps easier way. 希望有一种更安全,也许更简单的方法。
2 个解决方案
解决方案1
0 2013-11-13 01:43:20
使用$ _SESSION变量,它将在您所在的所有页面中保持活动状态。直到销毁它们为止
解决方案2
0 已采纳 2013-11-13 01:46:36
<input name="yourName" type="hidden" value="<?php echo $yourVariable; ?>" />
if you want to stay away from session variables go this route. 如果您想远离会话变量,请选择此路线。 otherwise $_SESSION is a decent way to go as well. 否则,$ _SESSION也是一个不错的选择。 although i'm not sure what the data is exactly and if it truly belongs in a $_SESSION var 虽然我不确定确切的数据是什么,以及它是否真正属于$ _SESSION变量
EDIT: 编辑:
using a hypothetical person table 使用假设的person表
//form page user sees
<?php
$query = "SELECT * FROM `person` WHERE `personId` = '$_GET['personId']`";
//assume we get the data into $row array
?>
<form action="process.php">
<input name="id" type="hidden" value="<?php echo $row['personId']; ?>" />
<input name="firstName" type="text" value="<?php echo $row['firstName']; ?>" />
<input name="lastName" type="text" value="<?php echo $row['lastName']; ?>" />
<input name="submit" type="submit" value="submit" />
</form>
//process.php
<?php
$query = "UPDATE `person` SET `firstName` = '$_POST['firstName']', `lastName` = '$_POST['lastName']' WHERE `personId` = '$_POST['personId']";
?>
remember this example is VERY vulnerable to SQL injection. 请记住,这个示例非常容易受到SQL注入的攻击。 please fetch your data a better way. 请以更好的方式获取您的数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.