PHP 表单提交和页面重定向

Question

I am trying to redirect a to a new php page after the user has clicked on the submit button. I have got it to successfully send the form information to the MySQL database but then I cannot get a successful redirect.

I then changed some code and got it to successfully redirect but not send the form information to the database. My other php file is named nextForm.php and I have tried replacing the action="$_SERVER[PHP_SELF]" with the path to the nextForm.php file and I have tried using a require nextForm.php; line in the code where I want to redirect.

Here is the code I have currently:

<?php
    
        //establish a connection to the MySQL db or terminate if ther is an error
        $conn = mysqli_connect("localhost","root","mysql","covid_tech",3306) or die(mysqli_connect_error());
        
        //HTML form to prompt user input
        print <<<_HTML_
        <FORM style="text-align:center" method="POST" action="$_SERVER[PHP_SELF]">
    
        <div class="Customer_Name">
        Enter Customer Name:  <input type="text" name="Customer_Name" class="textbox">
        </div>
        <br/>
        <div class="Contact_Name">
        Enter Contact Name:    <input type="text" name="Contact_Name" class="textbox">
        </div>
        <br/>
        <div class="Contact_Phone">
        Enter Contact Phone Number:   <input type="text" name="Contact_Number" class="textbox">
        <br/>
        </div>
        
        
        <button class="btn btn-1" style="text-align:center" onclick='disappear(this)' name="name_submit" method="POST" type="submit" value="find_cusName"><span>Enter Customer Name</span></button>
        </FORM>
        _HTML_;


        //check to make sure the POST request was sent and check to make sure that there is a vlaue in the System POST variable
        if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['Customer_Name'])){
            

            //SQL string to find the name that was input on the page
            $find_name_sql = "SELECT cusName,cusID from customer where cusName = '$_POST[Customer_Name]'";

            //run the query on the db
            $result_find_name = mysqli_query($conn, $find_name_sql);

            //Check to see if the query returned any rows
            if(mysqli_num_rows($result_find_name) > 0){
                
                //If it did, it should only be 1 row and we fetch it
                $row = mysqli_fetch_row($result_find_name);
                
                //set our current_id variable to the value in $row[1] which is the cusID attribute from the db
                $current_id = $row[1];
                
            }
            else{
                //sql statment to insert a new customer into the customer table of the db
                $insert_first_customer = "INSERT INTO customer (cusName,contactName,contactNo)  values('$_POST[Customer_Name]','$_POST[Contact_Name]','$_POST[Contact_Number]')";
                
                //run the insert query
                $add = mysqli_query($conn,$insert_first_customer);  
            }
            
            //redirect to next form page here   
        }
            
        
        mysqli_close($conn);
    ?>

Answer 1

The action attribute simply works as a way to direct your GET/POST requests. If you would like to redirect after running your PHP code, you should use the header() function or use a meta tag.

Example:

header('Location:'.$_SERVER['SERVER_NAME'].'/nextForm.php');

or

 echo '<meta http-equiv="refresh" content="0;url=nextForm.php">';

and finish your code with the exit() function so an attacker could not bypass your redirect.