[英]How do i use GET correctly in php?
i tried to find a solution for my problem for 2 hours now, but i don't know why my code does not work.我试图为我的问题找到一个解决方案 2 小时,但我不知道为什么我的代码不起作用。
I have a sql output which looks like this:我有一个 sql output 看起来像这样:
function output(){
while($row = $this->statement->fetch()) {
$id = $row["id"];
echo '
<tr>
<td>'.$row["comname"].'</td>
<td>'.$row["district"].'</td>
<td>'.$row["industry"].'</td>
<td>"<a href="?details=' . $id . '">Details</a>"</td>
</tr>
<br>
';
}
If someone click on the link "Details" i want to give out more information about that specific company.如果有人单击“详细信息”链接,我想提供有关该特定公司的更多信息。 Therefore i save the id in the url to identify which company was clicked.因此,我将 ID 保存在 url 中以识别点击了哪个公司。 To check if the Details link was clicked, i wrote this:要检查是否单击了详细信息链接,我写了这个:
Edit: just added the "$id = $_GET['details']" after your hints, it looks like this now:编辑:刚刚在提示后添加了“$id = $_GET['details']”,现在看起来像这样:
if (isset($_GET['details'])){
$id = $_GET['details'];
echo $id;
}
}
When i click on the link "Details" it changes the URL correctly, but it doesn't print the id.当我单击链接“详细信息”时,它会正确更改 URL,但不会打印 ID。 (I don't only want to print the id, i just do this to check the functionality.) Why does my code not work? (我不仅想打印 id,我只是为了检查功能。)为什么我的代码不起作用? Is there a second "$GET" i have to use?我必须使用第二个“$GET”吗? I really don't know what is going on.我真的不知道发生了什么事。
Edit: The php-code ends here, there is nothing i do afterwards.编辑: php 代码到此结束,之后我什么也不做。
Edit2: I tried print_r($_GET)
and it looks like, the id is not even in the $GET-Array. Edit2:我尝试print_r($_GET)
,看起来,id 甚至不在 $GET-Array 中。 Also the if (isset($_GET['details']))
statement is not executed.也不会执行if (isset($_GET['details']))
语句。
Thank you!谢谢!
You should print the $_GET['details']
:您应该打印$_GET['details']
:
if (isset($_GET['details'])){
echo $_GET['details'];
}
Or put it in a variable:或者把它放在一个变量中:
if (isset($_GET['details'])){
$id = $_GET['details'];
echo $id;
}
$_GET[]
is just an array of all GET parameters in the URL. $_GET[]
只是 URL 中所有 GET 参数的数组。 You see them for example on https://www.google.com?q=stack+overflow where the parameter q
is set to stack+overflow
.例如,您可以在https://www.google.com?q=stack+overflow上看到它们,其中参数q
设置为stack+overflow
。 So if you would echo out $_GET["q"]
on that URL you would get stack+overflow
.因此,如果您在 URL 上回显$_GET["q"]
,您将得到stack+overflow
。 You can store it in a variable like $id and echo it out, but you need to set it first like $id = $_GET["details"];
您可以将其存储在 $id 之类的变量中并回显,但您需要先设置它,例如$id = $_GET["details"];
EDIT: I just realized the code you have now is vulnerable to an attack called XSS or HTML Injection.编辑:我刚刚意识到您现在拥有的代码容易受到称为XSS或 HTML 注入的攻击。 Since we can specify the $_GET["details"]
and so $id
that is being echoed, an attacker can put HTML code or the <script>
tag in there to execute dangerous JavaScript code on everyone that accesses the URL.由于我们可以指定$_GET["details"]
以及正在回显的$id
,因此攻击者可以将 HTML 代码或<script>
标签放入其中,以对访问 ZE6B391A8D2C26D4AZ8508 的每个人执行危险的 JavaScript 代码。
Luckily, there is an easy fix: just put the function htmlspecialchars()
around whatever user input you echo
.幸运的是,有一个简单的解决方法:只需将 function htmlspecialchars()
放在您echo
的任何用户输入周围。 The echo
you have here would become echo htmlspecialchars($id);
你在这里的echo
会变成echo htmlspecialchars($id);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.