[英]Passing variables in PHP pages
I have read a value from a form as input form the user. 我已经从表单中读取了一个值作为用户的输入表单。 the form is POST. 表格是POST。
<form action="form_handler.php" method="POST">
Then, in the form_handler.php
page I saved this value in a variable. 然后,在form_handler.php
页面中,我将此值保存在变量中。 $productID=$_POST['product'];
Then, I want to pass this variable via link to another page as: 然后,我想通过链接将该变量传递给另一个页面,如下所示:
echo "<a href='products.php?prodID=".$productID."' title='Products
Page' class='whatEver'>click here for product details</a>";
When I click the link, I see the value in the link. 单击链接时,我会在链接中看到该值。 But, inside the page products.php
I want to make MySQL query for the product details as: 但是,在页面products.php
内,我想使MySQL查询产品详细信息,如下所示:
$sql = "SELECT * FROM products WHERE prodID = '$productID'";
I get 0 results. 我得到0个结果。 I also tried to echo the $productID value and it seems empty and not the value that I saw in the URL. 我还尝试回显$ productID值,它似乎为空,而不是我在URL中看到的值。
What is my mistake please? 请问我是什么错误? How can I make the database query to fetch the product details based on the productID variable I passed in the link? 如何基于链接中传递的productID变量进行数据库查询以获取产品详细信息?
NOTE: I am trying to make a demo for MySQL injection vulnerability. 注意:我正在尝试制作一个MySQL注入漏洞的演示。 Please, ignore security issues here. 请在这里忽略安全性问题。
When you sent variables in a link followed by ?var=value
当您在链接中发送变量时,后跟?var=value
You need to get it with something like 你需要用类似的东西
$variable = $_GET['var'];
In your case your products.php should have $prodid = $_GET['prodID'];
在您的情况下,您的products.php应该具有$prodid = $_GET['prodID'];
echo "<a href='products.php?prodID=".$productID."' title='Products
Page' class='whatEver'>click here for product details</a>";
Looks to me like you are passing it into products.php as prodID
. 在我看来,就像您将其作为prodID
传递到products.php中一样。 Could you try using: 您可以尝试使用:
$sql = "SELECT * FROM products WHERE prodID = '$prodID'";
Instead? 代替?
Just like before when you used $productID=$_POST['product'];
就像之前使用$productID=$_POST['product'];
, you need to do the same thing to use a variable in products.php, except instead of a post variable, it's a get variable (because it's in the url). ,您需要做同样的事情才能在products.php中使用变量,除了使用post变量之外,它是一个get变量(因为它在url中)。 Use $productID=$_GET["productID"]
使用$productID=$_GET["productID"]
You can not get like that the productID .. You have to put `$productID = $_GET['prodID']; 您不能获得那样的productID ..您必须输入`$ productID = $ _GET ['prodID'];。 ' the you can use that variable with sql query . 您可以在SQL查询中使用该变量。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.