我正在编写一个允许用户上传潜在员工推荐信的应用程序。
每个引用都会在网址末尾发送一封包含唯一字符串的电子邮件。因此,例如,地址看起来类似于:www.mywebaddress?url = 503241a20b5085_18720621。
要确定唯一字符串是否有效(即存在于数据库中),我需要进行查询搜索。但是,当引用尝试访问URL时,他需要回答安全问题。所以,我还需要检查答案是否有效,如果他以前上传过,等等,以确定将他重定向到哪个页面。
但是由于查询,我的代码要求用户点击“提交”两次。这真的很烦人,但我不确定如何解决它。
以下是我的代码的相关摘录:
if ( isset ($_GET['url']) ) {
$query = "SELECT * FROM ref_info WHERE url='" . $_GET['url'] . "'";
$result = $db->execute($query);
if ( empty ($result) ) {
//error message
} else {
$url = $_GET['url'];
if ( $_SESSION['validated'] ) {
if ( $result[0]['uploaded'] ==1 ) {
$_SESSION['uploaded'] =true;
} else {
$_SESSION['uploaded'] =false;
}
include_once("process_upload.php");
} else {
if ( empty($result[0]['answer']) ) {
include_once("security.php");
} else {
include_once("security_check.php");
}
}
}
}
我有什么办法可以让表格只需要提交一次吗?
提前感谢任何建议!!
答案 0 :(得分:1)
if ( isset ($_GET['url']) ) {
$query = "SELECT * FROM ref_info WHERE url='" . $_GET['url'] . "'"; //that is really not secure. Take a look at mysql_real_escape_string or something like that in yor $db
$result = $db->execute($query);
if ( empty ($result) ) {
//error message
} else {
$url = $_GET['url'];
if (empty($result[0]['answer']) ) { // page is just opened,form is not yet submitted - ask sequrity question
include_once("security.php");
} else { //oh. Submit is done - let me check if it is Ok
include_once("security_check.php");
}
if ( $_SESSION['validated'] ) { //validation is Ok? Yeah. Answer is not posted yet, so validation fails and we do nothing. Just show a form with a question
if ( $result[0]['uploaded'] ==1 ) {
$_SESSION['uploaded'] =true;
} else {
$_SESSION['uploaded'] =false;
}
include_once("process_upload.php");
}
}
}