$_POST/$_GET with that submits data on the same page gets erased when adding data from another form

I have the following situation:

I have created a code for a Search box that allows the user to do some advanced search and created a prepared mysql statement. The form target is the same page.

I have also created another form that allows sorting. The form target is the same page.

The problem is that if I search for something and then I sort the data, it gets back to the default query (without the parameters set on the search box) so it sorts the whole data.

They work perfectly in isolation, but I would love to make them work together and I really can't figure out how.

Here is the PHP code for the Search box and the sorting:

<?php

require 'connect.php';
if(isset($_POST['cauta'])){
$cauta=$_POST['cauta'];}
$clause = " WHERE ";
$query1="SELECT nume, prenume, email, functie, denumire FROM contacte_companii cc LEFT JOIN companii c
ON cc.com_id=c.id";

if(isset($_POST['submit'])){
if(isset($_POST['keyword'])){
    foreach($_POST['keyword'] as $c){
        if(!empty($c)){
           $base_query=$query1 .= $clause." ".$c." LIKE '%".$cauta."%'";//
            $clause = " OR ";//Change  to OR after 1st WHERE
        }   
    }
}
echo $base_query;
}
else {
$base_query="SELECT nume, prenume, email, functie, denumire FROM contacte_companii cc
LEFT JOIN companii c
ON cc.com_id=c.id";
echo $base_query;
}
?>

    if(isset($_POST['ASC'])){
        $query  = $base_query . " ORDER BY prenume ASC"
    ;
    }

    // Descending Order
    elseif (isset ($_POST['DESC'])) {
              $query = $base_query . " ORDER BY prenume DESC";
        }

     else {
         $query = $base_query;
    }


    $result=$db->query($query);

    // Associative arrays of strings - for each row - stops at NULL;
    while($row=$result->fetch_assoc())
    {

    ?>
        <tr>
        <td><?php echo $row["prenume"]. " " .$row["nume"]; ?></td>
        <td><?php echo $row["email"]; ?></td>
        <td><?php echo $row["functie"]; ?></td>
        <td><?php echo $row["denumire"]; ?></td>
        </tr>

        <?php
    }


    $db->close();
    ?>

Here is the form for the Search box:

<form action="<?PHP echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
        <input type="checkbox" name="keyword[]" value="nume" checked> Nume
        <input type="checkbox" name="keyword[]" value="prenume" checked> Prenume
        <input type="checkbox" name="keyword[]" checked value="email"> Email
        <input type="checkbox" name="keyword[]" value="denumire"> Companie
        <input type="checkbox" name="keyword[]" value="telefon_b"> Telefon
        <input type="checkbox" name="keyword[]" hidden value="telefon_m">
        <input type="text" name="cauta">
        <input type="submit" name="submit" value="Cauta">

</form>

And here is what the sort button looks like in HTML:

<form action="<?PHP echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">


<th>Nume <button class="btn" type="submit" name="ASC" > 
<img src="icons\09.png" width="20" height="20" style="margin:3.5px 3px" align="right"/>
</button></th>


</form>

It's not a perfect solution, but you could add as many hidden inputs as needed to the second form and then make your test by keyword:

<form action="<?PHP echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
    <input type="hidden" name="keyword[]" value=<? echo $_POST['Num'];?> >
    <input type="hidden" name="keyword[]" value=<? echo $_POST['prenume'];?> >
    <input type="hidden" name="keyword[]" value=<? echo $_POST['Email'];?> >
    <input type="hidden" name="keyword[]" value=<? echo $_POST['Companie'];?> >
    <input type="hidden" name="keyword[]" value=<? echo $_POST['Telefon'];?> >
    <th>Nume <button class="btn" type="submit" name="ASC" >
    <img src="icons\\09.png" width="20" height="20" style="margin:3.5px 3px" align="right"/>
    </button></th>
</form>

First of all, if you use a database query class you should use its prepared statements functionality, because otherwise you are vulnerable to SQL injection.

For example, if I type in for the last keyword[] something like this "123'; SELECT * FROM users ;--". An attacker could exploit this in many ways, as he can write queries that your database will execute because it has no reason to doubt their validity.

Another thing to do is to sanitize the input you get from the forms.

And for the answer to your problem, you can combine the forms and add a checkbox or something to identify if you want to search or to order data. Because I see in your code that you have a condition for the $_POST['cauta'].

Or you could combine the forms, then you can add this to your query:

if(isset($_POST['cauta'])){
$cauta=$_POST['cauta'];}
$clause = " WHERE ";
$query1="SELECT nume, prenume, email, functie, denumire FROM contacte_companii cc LEFT JOIN companii c
ON cc.com_id=c.id";

if(isset($_POST['submit'])){
if(isset($_POST['keyword'])){
foreach($_POST['keyword'] as $c){
    if(!empty($c)){
       $base_query=$query1 .= $clause." ".$c." LIKE '%".$cauta."%'";//
        $clause = " OR ";//Change  to OR after 1st WHERE
    }   
}

   if(isset($_POST['ASC'])){
       $base_query  .= " ORDER BY prenume ASC";
   }

   // Descending Order
    elseif (isset ($_POST['DESC'])) {
         $base_query .= " ORDER BY prenume DESC";
    }
}
echo $base_query;
}

The problem is that you are using 2 different forms.

So, when you send any of the forms it only sends the parameters contained in that form, not the ones in the other form, so it will "forget" what the other form sent.

Solutions: (many ways actually, here are some)

  • Enclose all the parameters in only one form instead of 2, that way it will always send all the information. (I think this would be the easiest)

  • Add the parameters from the search form as hidden fields into the sort form and vice versa.

  • Use the session or cookie to keep track of the last options used (if you do this you need to consider a way to "clear" the options, like a Clear button that removes everything from the session or cookie)
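
An added example, not code from any of the posts above, covering both the prepared-statement advice and the hidden-field suggestion. Placeholders can only bind values, so the `keyword[]` column names and the sort direction are checked against fixed lists, while the search term is bound. The function names are hypothetical; the columns and the `ASC`/`DESC` button names are the ones on this page.

```php
<?php
// Added example, not the posters' code. Column names come from the search form above.
const SEARCHABLE = ['nume', 'prenume', 'email', 'denumire', 'telefon_b', 'telefon_m'];

// Reduce raw request data to values the query builder can trust.
function clean_search(array $in): array
{
    $kw = is_array($in['keyword'] ?? null) ? array_filter($in['keyword'], 'is_string') : [];
    return [
        // Column names cannot be bound, so keep only exact allow-list matches.
        'cols' => array_values(array_intersect(SEARCHABLE, $kw)),
        'term' => is_string($in['cauta'] ?? null) ? trim($in['cauta']) : '',
        // Sort direction is SQL syntax, not data: only two literals are possible.
        'sort' => isset($in['ASC']) ? 'ASC' : (isset($in['DESC']) ? 'DESC' : ''),
    ];
}

// Build SQL with placeholders for data; identifiers come only from the allow-list.
function build_query(array $s): array
{
    $sql = 'SELECT nume, prenume, email, functie, denumire FROM contacte_companii cc'
         . ' LEFT JOIN companii c ON cc.com_id = c.id';
    $params = [];
    if ($s['cols'] && $s['term'] !== '') {
        $like = '%' . addcslashes($s['term'], '%_\\') . '%'; // match % and _ literally
        $sql .= ' WHERE ' . implode(' OR ', array_map(fn($c) => "$c LIKE ?", $s['cols']));
        $params = array_fill(0, count($s['cols']), $like);
    }
    if ($s['sort'] !== '') {
        $sql .= ' ORDER BY prenume ' . $s['sort'];
    }
    return [$sql, $params];
}

// Hidden inputs that let the sort form resubmit the current search, HTML-escaped.
function hidden_fields(array $s): string
{
    $html = '';
    foreach ($s['cols'] as $c) {
        $html .= '<input type="hidden" name="keyword[]" value="' . htmlspecialchars($c, ENT_QUOTES) . '">';
    }
    return $html . '<input type="hidden" name="cauta" value="' . htmlspecialchars($s['term'], ENT_QUOTES) . '">';
}

// Constructed input: one valid column, one keyword[] value that is not a column.
$s = clean_search(['keyword' => ['email', "123'; SELECT * FROM users ;--"], 'cauta' => "O'Brien 50%", 'ASC' => '']);
[$sql, $params] = build_query($s);
echo $sql, "\n", json_encode($params), "\n", hidden_fields($s), "\n";
// mysqli: $stmt = $db->prepare($sql); if ($params) { $stmt->bind_param(str_repeat('s', count($params)), ...$params); } $stmt->execute();
```

Placing the output of `hidden_fields()` inside the sort form means the sort submission carries the same validated search state, so the `WHERE` clause survives the re-sort.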
