PHP使用表单传递数据
[英]PHP passing data using form
问题描述
I have a form which passes data from the index.php to the update.php. 
我有一种将数据从index.php传递到update.php的形式。 The code successfully passed the date of birth variable but it didn't pass the $leadid variable. 该代码成功通过了生日变量date,但是没有通过$ leadid变量。 What is wrong with my code? 我的代码有什么问题?
part of code in index.php index.php中代码的一部分
<form method="post" action="update.php">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Lead ID</td>
<td>
<?php
mysql_connect('localhost', 'root', '');
mysql_select_db('test');
$sql = "SELECT leadid FROM table WHERE lead_no ='$lead_no'";
$result = mysql_query($sql);
$row = mysql_fetch_row($result);
$leadid = $row[0];
echo $leadid;
?>
</td>
</tr>
<tr>
<td width="100">Date of Birth</td>
<td><input name="birth" type="date" id="birth"></td>
</tr>
</table>
</form>
In my update.php i have POST 在我的update.php中,我有POST
$id = $_POST['leadid'];
$birth = $_POST['birth'];
2 个解决方案
解决方案1
4 已采纳 2015-06-25 05:00:58
In your code there is no input field for the leadid variable. 在您的代码中,没有Leadid变量的输入字段。 Try adding a hidden field like this: 尝试添加一个隐藏字段,如下所示:
<input type="hidden" value="<?php echo $leadid;?>" name="leadid" />
Then, that POST variable should be transferred. 然后,应传送该POST变量。
解决方案2
2 2015-06-25 05:14:39
Post does only pass the variables that are wrapped by a html form element like <input> <textarea> or others inside the <form> tag. Post仅传递由html表单元素(如<input> <textarea>或<form>标记内的其他表单)包装的变量。
Since you did not create such a tag for your $leadid variable it's not available for the update.php file. 由于您没有为$leadid变量创建这样的标记,因此对于update.php文件不可用。
Put the following code inside your <form> tag to pass the leadid to the second script. 将以下代码放入您的<form>标记中,以将Leadid传递给第二个脚本。
<input type="hidden" value="<?php echo $leadid;?>" name="leadid" />
Relating to your database query: It is recommended to use prepared statements instead of unprepared. 与数据库查询有关:建议使用准备好的语句,而不要使用未准备的语句。 The way you're currently selecting values from your database is a huge security leak and can be abused for SQL injections! 当前从数据库中选择值的方式存在巨大的安全漏洞,并且可能会被SQL注入滥用! I know you're currently using it for local testing but it's important to know that the code could cause security problems. 我知道您当前正在使用它进行本地测试,但是了解代码可能会导致安全问题很重要。 Here is an example on how to do it with prepared statements: 这是有关如何使用预准备语句的示例:
$mysqli = new mysqli('localhost', 'root', '');
$stmt = $mysqli->prepare("SELECT leadid FROM table WHERE lead_no = ?");
$stmt->bind_param("i", $lead_no); // assuming lead_no is an integer value
$stmt->execute();
$stmt->bind_result($leadid);
$stmt->fetch();
// your lead id is now stored inside $leadid
More information can be found here: http://php.net/manual/de/mysqli.quickstart.prepared-statements.php 可以在这里找到更多信息: http : //php.net/manual/de/mysqli.quickstart.prepared-statements.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.