我还是比较新的PHP。我正在尝试为成员构建一个隐私设置页面,以选择退出触发事件的自动电子邮件(即私人消息通知)。我希望根据数据库设置自动设置复选框。截至目前,表单确实正确更新了数据库,但复选框状态未显示正确的设置,除非按两次“提交”按钮,或者重新加载页面。未选中设置为'0',选中设置为'1'。我喜欢使用Ajax或jQuery来处理这个问题,但我根本不知道这些。
privacysettings.php
<?php
$id = "";
$pm_mail_able = "";
$pm_email = "";
if (isset($_GET['id'])) {
$id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
$id = $logOptions_id;
} else {
header("location: index.php");
exit();
}
//query to get checkbox status
$sql = mysql_query("SELECT * FROM members WHERE id='$id'");
while($row = mysql_fetch_array($sql)){
$pm_mail_able = $row['pm_mail_able'];
}
switch ($pm_mail_able) {
case 0:
$pm_setting = NULL;
break;
case 1:
$pm_setting = "checked=\"checked\"";
break;
}
if(isset($_GET['pm_email']) && !empty($_GET['pm_email'])) {
$updateqry = mysql_query("UPDATE members SET pm_mail_able='1' WHERE id='$id'");
} else {
$updateqry = mysql_query("UPDATE members SET pm_mail_able='0' WHERE id='$id'");
}
?>
<html>
Email Notifications<br />
<form name="testform" method="get" action="PvResult.php">
When a friend sends me a private message
<input type="checkbox" name="pm_email" value="on"<?php echo $pm_setting;?> />
<br /><br />
<input type="submit" value="Submit" />
</form>
</html>
PvResult.php
<?php
$url = 'http://www.mywebsite.com';
//If the form isn't submitted, redirect to the form
if(!isset($_GET['Submit']))
header('Location: '.$url.'/privacysettings.php');
//Redirect to the correct location based on form input
$pm_email = $_GET['pm_email'];
$url .= '/privacysettings.php?pm_email='.$pm_email;
header('Location: '.$url);
?>
答案 0 :(得分:2)
好的,希望这不仅能解答您的问题,还会为您提供一些您可能需要考虑的最佳实践。
您可以相对轻松地将这两个脚本合并为一个。另外,我强烈建议使用POST而不是GET; GET非常有限,并非旨在提交您使用它的数据。如果您要在后端存储中更改数据,使用GET会让您感到困惑。也许不是今天,也许不是明天,但它会相信我。
你真的应该考虑moving to PDO而不是mysql_函数。 PDO在处理参数化查询方面要好得多,为了更好的安全性,你真的应该拥有它,如果有一天你想迁移到另一个数据库系统,那么它更具可移植性。
我对你的应用程序如何获得$ id仍然有点朦胧。大多数应用程序从$ _SESSION变量获取它,确保用户已成功验证登录。如果您不这样做,请做。您可能需要彻底digest this article,它有很多关于身份验证和“记住我”类型功能的最佳实践。
这里有一点重写。我实际上没有对它进行过测试,但它应该可以让你很好地了解你的需求。如果它抛出任何错误(请记住免责声明:我实际上没有测试过它!),请告诉我,我会尝试调试它。
<?php
$message = '';
$pm_setting = '';
$id = 0;
// Put your $id retrieval logic here. It should look something like:
if (isset($_SESSION['id'])) {
$id = $_SESSION['id'];
if (!preg_match('/^\\d{1,10}$/', $id) > 0) {
// Someone is trying to hack your site.
header("location: scum.php");
exit();
}
$id = intval($id);
}
// Quick security note: You might want to read up on a topic called
// session hijacking if you want to ensure your site is secure and
// this $id isn't spoofed.
if (isset($_POST['Submit'])) {
// The form is being submitted. We don't need to read the current
// pm_mail_able setting from the database because we're going to
// overwrite it anyway.
if ($id > 0) {
$pm_mail_able = 0;
if (isset($_POST['pm_email']) && $_POST['pm_email'] === 'on') {
$pm_mail_able = 1;
$pm_setting = 'checked ';
}
$query = 'UPDATE members SET pm_mail_able='.$pm_mail_able.
' WHERE id = '.$id;
mysql_query($query);
// Another quick security note: You REALLY need to consider
// updating to PDO so that you can bind these parameters
// instead. The mysql_ functions are probably going to be
// deprecated soon anyway.
if (mysql_affected_rows($query) > 0)
$message = '<p style="color: #00a000;">Settings saved!</p>';
else
$message = '<p style="color: #a00000;">User id not valid.</p>';
}
else
$message = '<p style="color: #a00000;">User id not valid.</p>';
}
else {
// This is the first load of the form, we need to just display it
// with the existing setting.
if ($id > 0) {
$query = mysql_query('SELECT * FROM members WHERE id = '.$id);
if (($row = mysql_fetch_array($query, MYSQL_ASSOC)) !== FALSE)
if ($row['pm_mail_able'] === 1) $pm_setting = 'checked ';
}
}
?>
<html>
<body>
<?= $message ?>
<!-- Without action parameter, form submitted to this script. -->
<form name="testform" method="post">
E-mail notifications<br />
<input type="checkbox" name="pm_email" value="on" <?= $pm_setting ?>/>
When a friend sends me a private message
<br /><br />
<input type="submit" value="Submit" />
</form>
</body>
</html>
答案 1 :(得分:1)
尝试进行这些设置,看看它是否有效:
1)你需要在&#34; on&#34;之间添加一个空格。和&#34;已检查=已检查&#34;
<input type="checkbox" name="pm_email" value="on" <?php echo $pm_setting;?> />
2)您必须按名称引用提交按钮,而不是其值
<input type="submit" name="Submit" value="Send" />
3)当设置为&#34; 0&#34;时,将$pm_setting设置为空字符串,而不是NULL
case 0:
$pm_setting = '';
4)可能$_GET['pm_email']存在问题,else一直在执行
5)如果按下“提交”按钮两次后工作正常,则表示表单正在传递一些使代码工作的GET var,因此尝试发现var是什么