我一直试图弄清楚这两天并且没有运气。我正在使用PHP和Javascript,我正在尝试访问另一个页面上的Javascript变量。
这是我的Javascript代码,它只提醒用户什么是taskID ...
<script>
function myFunction(taskID)
{
alert("Task #" + taskID);
}
</script>
这是我的PHP
//select all tasks for this report
$tasks = mysqli_query($conn,"SELECT taskID, hoursSpent, workDone, plannedTasks FROM Tasks where reportID = $report_id AND projID = $proj_id");
$task_count = 1;
while($row1 = mysqli_fetch_array($tasks))
{
$taskID = $row1['taskID'];
//display the task information
echo "<strong id='tasks'>Task #" . $task_count . "</strong>";
echo " - <a href = '#' onclick ='myFunction($taskID)'>Edit</a><br>";
echo "Hours Spent: " . $row1['hoursSpent'] . "<br><br>";
echo "Accomplished: <br>" . $row1['workDone'] . "<br><br>";
echo "Planned for Next week: <br>" . $row1['plannedTasks'] . "<br>";
echo "<br>";
$task_count++;
}
如何将该taskID传递给另一个页面,以便我可以编辑任务信息?
谢谢!
答案 0 :(得分:2)
只需改变一下:
echo " - <a href = '#' onclick ='myFunction($taskID)'>Edit</a><br>";
要
echo " - <a href = 'editTask.php?id=".$taskID."'>Edit</a><br>";
你在那儿。只需确保在editTask.php文件中检查id:
$editID = (int) $_GET['id'];//<-- $editID will hold an int, that is the id of the record the user wanted to edit.
除此之外:很高兴看到你正在使用mysql的最新扩展。不过,代码如下:
mysqli_query($conn,"SELECT taskID, hoursSpent, workDone, plannedTasks FROM Tasks where reportID = $report_id AND projID = $proj_id");
让你容易受到注射攻击。请查看准备好的陈述。
$tasks = mysqli_query($conn, 'SELECT taskID, hoursSpent, workDone, plannedTasks FROM Tasks WHERE reportID = ? AND projID = ?');
mysqli_stmt_bind_param($tasks, 'i', $reportID);//replace i with s if should be a string etc...
一旦您的构建基于客户端数据进行查询(您将使用此方法执行此操作:使用url获取ID ...),这是保护自己免受非常常见威胁的最简单方法。
check this link
This one
当然,this one可以了解注射是什么
答案 1 :(得分:0)
喜欢这个
<script>
function myFunction(taskID) {
location="nextpage.php?task="+taskID;
return false;
}
</script>
echo " - <a href = '#' onclick ='return myFunction("'.$taskID.'")'>Edit</a>
或更简单
echo " - <a href='nextpage.php?task='.$taskID.'">Edit</a>