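I'm having trouble changing the value of a hidden input type. I have a search with multiple checkboxes created using a PHP while loop. I want to pass the checked items to a variable in PHP after submit. Here is the form with the checkboxes and hidden values.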
    $search_sql = "SELECT * FROM `company` WHERE `groups` = '$groups' AND (`companyname` LIKE '%$search%' OR `directurl` LIKE '%$search%' OR `email` LIKE '%$search%' OR `phone` LIKE '%$search%' OR `groups` LIKE '%$search%' OR `notes` LIKE '%$search%')";
    $result = mysql_query($search_sql) or die(mysql_error());
    while($row = mysql_fetch_array($result))
    {
        //remove the http from the links
        $website = $row['directurl'];
        $website = str_replace("http//", "", "$website");
        $website = str_replace("http://", "", "$website");
        $website = str_replace("https://", "", "$website");
        $website = str_replace("https//", "", "$website");
        //button to change colour
        //display contacted companies
        if($row['contact'] == 0){
            //not contacted
            $changecolor = '1';
            $contacted = '<tr class="nocontact border">';
            $button = '<td>
            <form name="change_colour" method="post">
            <input type="hidden" name="id" value="' . $row['id'] . '">
            <input type="hidden" name="change_colour" value="' . $changecolor . '">
            <input type="hidden" name="search" value="' . $row['companyname'] . '">
            <input type="hidden" name="groupselected" value="' . $groups . '">
            <input type="submit" value="C"></form>';
        }
        //contacted
        elseif($row['contact'] == 1){
            $changecolor = '2';
            $contacted = '<tr class="contact border">';
            $button = '<td>
            <form name="change_colour" method="post">
            <input type="hidden" name="id" value="' . $row['id'] . '">
            <input type="hidden" name="change_colour" value="' . $changecolor . '">
            <input type="hidden" name="search" value="' . $row['companyname'] . '">
            <input type="hidden" name="groupselected" value="' . $groups . '">
            <input type="submit" value="C"></form>';
        }
        //positive feedback
        elseif($row['contact'] == 2){
            $changecolor = '3';
            $contacted = '<tr class="positive border">';
            $button = '<td>
            <form name="change_colour" method="post">
            <input type="hidden" name="id" value="' . $row['id'] . '">
            <input type="hidden" name="change_colour" value="' . $changecolor . '">
            <input type="hidden" name="search" value="' . $row['companyname'] . '">
            <input type="hidden" name="groupselected" value="' . $groups . '">
            <input type="submit" value="C"></form>';
        }
        //negative feedback
        elseif($row['contact'] == 3){
            $changecolor = '0';
            $contacted = '<tr class="negative border">';
            $button = '<td>
            <form name="change_colour" method="post">
            <input type="hidden" name="id" value="' . $row['id'] . '">
            <input type="hidden" name="change_colour" value="' . $changecolor . '">
            <input type="hidden" name="search" value="' . $row['companyname'] . '">
            <input type="hidden" name="groupselected" value="' . $groups . '">
            <input type="submit" value="C"></form>';
        }
        else {echo 'error with the display';}
        //button to select companies
        $select_comp = '<form name="select_comp" method="post">
        <input type="checkbox" id="' . $row['id'] . '" name="id" onclick="compTrig(' . $row['id'] . ')">
        <input type="hidden" id="return_comp" name="return_comp" value="me">
        <input type="submit" name="select_comp" value="Selected"></form></td>';
        //Display link to website if available
        if ($website !== ''){
            $webdisplay = $contacted . $button . $select_comp . '<td><a target="_blank" href="http://' . $website . '">' . $row['companyname'] . '</a></td>';
        }
        else{
            $webdisplay = $contacted . $button . '<td class="red">' . $row['companyname'] . '</td>';
        }
        //check if email has been submitted
        if ($row['email'] !== ''){
            $email = '<td><a href="mailto:' . $row['email'] . '">Email</a></td>';
        }
        else{
            $email = '<td class="red">None</td>';
        }
        //display company details
        echo $webdisplay;
        echo '<td>' . $row['contactname'] . '</td>';
        echo $email;
        echo '<td>' . $row['town'] . '</td>';
        echo '<td>' . $row['phone'] . '</td>';
        echo '<td>' . $row['notes'] . '</td></tr>';
        $companyfind = $row['id'];
    }
And the Javascript below:
    var select_comp = new Array();
    var element = document.getElementById('return_comp');
    function compTrig(clickedid)
    {
        if (document.getElementById(clickedid).checked == false)
        {
            return false;
        }
        else
        {
            select_comp.push(clickedid);
            var clicked = clickedid;
            var box= confirm(select_comp);
            if (box==true)
                return true;
            else
                document.getElementById(clickedid).checked = false;
            var index = select_comp.indexOf(clicked);
            if (index > -1)
            {
                select_comp.splice(index, 1);
            }
        }
        select_comp.toString();
        element.value(select_comp);
    }
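I can get a confirm box showing the correct values, but I can't change the value of the hidden input. I'm thinking it might be because the form is inside the while loop and the form should be outside the loop. Any help on this matter would be greatly appreciated.
Answer 0 (score: 1)
You're doing this the opposite way 'round of how it should be done and exposing too much information to be tampered with on the front end. It also creates a lot of unnecessary redundancy (redundancy is a programmer's mortal enemy). Javascript isn't needed for this task.
All you should pass to the browser is the relevant company information to fill out a single form; then build the appropriate output in PHP after submit.
<strong>search_results.php</strong>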
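    echo "<form name=\"select_comp\" method=\"POST\" action=\"select_comp.php\">";
    // $groups and $search are interpolated into the query as-is, so they must be escaped before this point
    // the company name is selected as well, since it is printed next to each checkbox
    $search_sql = "
        SELECT id, companyname FROM `company` WHERE `groups` = '$groups'
        AND (`companyname` LIKE '%$search%'
        OR `directurl` LIKE '%$search%'
        OR `email` LIKE '%$search%'
        OR `phone` LIKE '%$search%'
        OR `groups` LIKE '%$search%'
        OR `notes` LIKE '%$search%')";
    $result = mysql_query($search_sql) or die(mysql_error());
    while($row = mysql_fetch_array($result))
    {
        // cast the id and HTML-escape the name so stored values cannot break out of the markup
        echo "<input type=\"checkbox\" name=\"id[" . (int)$row['id'] . "]\" value=\"1\"> " . htmlspecialchars($row['companyname']) . "<br>";
        // echo other company details
    }
    echo '
        <input type="submit" value="C">
        </form>';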
This will give you an array of the selected checkboxes in the $_POST variable:
<strong>select_comp.php</strong>
    // $_POST['id'] will contain an array of selected checkboxes, keyed by company id
    // cast every key to an integer, then implode into a comma-separated list for use with MySQL IN operator
    // a key that has been tampered with becomes a plain integer, so it cannot inject SQL
    $ids = (isset($_POST['id']) && is_array($_POST['id'])) ? array_map('intval', array_keys($_POST['id'])) : array();
    if (!$ids) {
        die('no companies selected');
    }
    $sql = "
        SELECT * FROM `company` WHERE `id`
        IN (" . implode(',', $ids) . ")";
    $res = mysql_query($sql);
    while($row = mysql_fetch_array($res)) {
        switch ($row['id']) {
            // first company
            case '0':
                // build styling here
                break;
            // second company
            case '1':
                // build more styling here
                break;
            // and so on
        }
        // output HTML with styling information computed above
    }
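However, what you should really be doing is setting the styling dynamically using values entered into the database and/or determined by a file-naming convention (with absolute validation of the dynamically generated style specifications, of course).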
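
A hardened take on the select_comp.php handler described in the answer above, as an added example that is not part of the original answer: it accepts only integer checkbox keys, binds them as typed parameters, and derives the row class on the server from the stored contact state. It uses PDO in place of the page's mysql_* calls; the helper function names, the in-memory SQLite database (this assumes the pdo_sqlite extension), its rows and the tampered POST key are constructed for illustration.

```php
<?php
// Added example, not the answerer's code; database rows and POST data are constructed.
// Keep only checkbox keys that are plain positive integers.
function selected_ids(array $post): array
{
    $raw = (isset($post['id']) && is_array($post['id'])) ? $post['id'] : [];
    $ids = [];
    foreach (array_keys($raw) as $key) {
        // ctype_digit() rejects "", "-1", "1e3" and "0) OR 1=1 -- "
        if (ctype_digit((string) $key) && (int) $key > 0) {
            $ids[(int) $key] = (int) $key;   // keyed by id, so duplicates collapse
        }
    }
    return array_values($ids);
}

// One typed placeholder per id; no request data is concatenated into the SQL.
function fetch_companies(PDO $db, array $ids): array
{
    if ($ids === []) {
        return [];   // "IN ()" is a syntax error, so skip the query
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, companyname, contact FROM company WHERE id IN ($marks) ORDER BY id");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The row class comes from the stored contact state, never from the browser.
function render_row(array $row): string
{
    $classes = [0 => 'nocontact', 1 => 'contact', 2 => 'positive', 3 => 'negative'];
    $class = $classes[(int) $row['contact']] ?? 'nocontact';
    return '<tr class="' . $class . ' border"><td>'
        . htmlspecialchars($row['companyname'], ENT_QUOTES, 'UTF-8') . '</td></tr>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE company (id INTEGER PRIMARY KEY, companyname TEXT, contact INTEGER)');
$db->exec("INSERT INTO company VALUES (1, 'Acme', 0), (2, '<b>Bold</b> Ltd', 2), (3, 'Zed', 3)");
$post = ['id' => [1 => '1', 2 => '1', '0) OR 1=1 -- ' => '1']];   // last key is tampered
foreach (fetch_companies($db, selected_ids($post)) as $row) {
    echo render_row($row), "\n";
}
```

Only companies 1 and 2 are rendered: the tampered key is dropped before any SQL is built, and the markup stored in the second company's name is printed escaped.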