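PHP form posts but does not refresh

Time: 2013-01-02 18:21:33

Tags: php html forms refresh

My problem is that my HTML/PHP form does not 'refresh' when it is posted. I had been getting by with a 'meta refresh', but I recently ran into a problem when I wanted to echo something, and because of the 'meta refresh' I never got to see it. I have tried a few things with no luck; here is the code.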

<?php //SESSION START
    session_start();
    if ($_SESSION['username']){
        //grant access
    }else{
        header('Location: login.html');
    }
    if(session_is_registered(username)){
        $username = $_SESSION['username'];
        if ($username!==Administrator){
            //grant access
        }else{
            header('Location: index.php');
        }
    }
?>

<html>
    <head>
        <meta charset=UTF-8 />
        <link rel="stylesheet" type="text/css" href="css/main_style.css" />
        <title>XYZ Car Rental - Rent a Car</title>
        <link rel="icon" href="favicon.ico" />
    </head>

    <body>
        <div id="container">
            <div id="header">
                <span style="color:#38C0CC;">XYZ</span> Car Rental
            </div>
            <div id="banner"><?php echo "Welcome ".$_SESSION['username'].". "?></div>
            <!--Greets user with "Welcome 'username'"-->
            <div id="navbar">
                <?php //navigation bar privileges
                    if(session_is_registered(username)){//if logged in
                        $username = $_SESSION['username'];//creates variable: username
                        if ($username==Administrator){//if the username is equal to 'Administrator' show the following navigation
                ?>
                <a href="index.php"><div class="button"><img src="images/home.jpg" /></div></a>
                <a href="add_car.php"><div class="button"><img src="images/insert_car.jpg" /></div></a>
                <a href="remove_car.php"><div class="button"><img src="images/remove_car.jpg" /></div></a>
                <a href="update_car.php"><div class="button"><img src="images/update_car.jpg" /></div></a>
                <a href="view_car.php"><div class="button"><img src="images/view_cars.jpg" /></div></a>
                <div class="seperator"></div>
                <a href="add_user.php"><div class="button"><img src="images/add_user.jpg" /></div></a>
                <a href="remove_user.php"><div class="button"><img src="images/remove_user.jpg" /></div></a>
                <a href="update_user.php"><div class="button"><img src="images/update_user.jpg" /></div></a>
                <a href="view_user.php"><div class="button"><img src="images/view_users.jpg" /></div></a>
                <div class="seperator"></div>
                <a href="logout.php"><div class="button"><img src="images/logout.jpg" /></div></a>
                <?php }else{ //else, show the navigation bar for a user ?>
                <a href="index.php"><div class="button"><img src="images/home.jpg" /></div></a>
                <a href="rent_car.php"><div class="button"><img src="images/rent_car_s.jpg" /></div></a>
                <a href="return_car.php"><div class="button"><img src="images/return_car.jpg" /></div></a>
                <a href="view_car.php"><div class="button"><img src="images/view_cars.jpg" /></div></a>
                <div class="seperator"></div>
                <a href="logout.php"><div class="button"><img src="images/logout.jpg" /></div></a>
                <?php
                        }
                    }
                //close if's
                ?>
            </div>
            <div id="content">
                <span style="font-size:28px;">Rent Cars</span>
                <hr />
                <?php
                    $link = mysql_connect ("localhost", "root", "password");//connect to database
                    mysql_select_db ("cardatabase");//select database
                    $query = "SELECT * from cars";//select all from table, cars
                    $result = mysql_query ($query, $link);//result = query

                    $available = $_POST[available];
                    //$available = the posted available

                    if (isset($_POST['submit'])){//if submit is pressed, execute

                        if($available>0){//if there is a car available of that type
                            //add one of those cars to the table, rentedcars
                            //include the name of the users session for extra purposes
                            mysql_query("INSERT INTO rentedcars(REAL_ID,ID,CARMAKE,CARMODEL,FUELTYPE,TRANSMISSION,ENGINESIZE,DOORS,DATEADDED,USERNAME) SELECT '',id,carmake,carmodel,fueltype,transmission,enginesize,doors,dateadded,'$username' FROM cars WHERE id='$_POST[hidden]'");
                            //after it has been added, run another query to reduce the 'available' by 1
                            //available = available - 1
                            mysql_query ("UPDATE cars SET available=available-1 WHERE id='$_POST[hidden]'");
                            //echo "<meta http-equiv='refresh' content='0;url=rent_car.php'/>";
                            //refresh the page after it is complete
                            $success = "Car Rented.";

                        }else{//if the 'available' == 0
                            $error = "There is no more cars of that type available.";
                            //creates a variable, to be printed in a different div
                            //all of that type are no longer available
                            //stops renting cars below 0
                        }
                    }

                    //echos the table & titles
                    echo "<table cellspacing=3 border=1 style='font-size:13px;background-color:white;'>
                        <tr style='background-color:#38C0CC;'>
                        <td>ID</td>
                        <td>Make</td>
                        <td>Model</td>
                        <td>Fuel Type</td>
                        <td>Transmission</td>
                        <td>Engine Size</td>
                        <td>Doors</td>
                        <td>Amount</td>
                        <td>Available</td>
                        <td>Date Added</td>
                        <td></td>
                        <td>Rent</td>
                        </tr>";


                    //while loop to display data from the database into a form
                    while($row = mysql_fetch_array($result))
                    {
                        echo "<form action=rent_car.php method=post>";
                        echo "<tr>";
                        echo "<td>"."<input type=text name=id value=".$row['ID'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=carmake value=".$row['CARMAKE'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=carmodel value=".$row['CARMODEL'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=fueltype value=".$row['FUELTYPE'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=transmission value=".$row['TRANSMISSION'].">" . " </td>";//value = database value
                        echo "<td>"."<input type=text name=enginesize value=".$row['ENGINESIZE'].">" . " </td>";//value = database value
                        echo "<td>"."<input type=text name=doors value=".$row['DOORS'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=amount value=".$row['AMOUNT'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=available value=".$row['AVAILABLE'].">"." </td>";//value = database value
                        echo "<td>"."<input type=text name=dateadded value=".$row['DATEADDED'].">"." </td>";//value = database value
                        echo "<td>"."<input type=hidden name=hidden value=".$row['ID'].">"." </td>";//hidden value
                        //hidden value helps target the ID value when it is not available
                        echo "<td>"."<input type=submit name=submit value=Rent>"." </td>";//submit
                        echo "</tr>";
                        echo "</form>";
                    }
                    //close while loop
                    echo "</table>";
                    //close table
                ?>
                <div id="errorbox">
                    <?php echo $error; ?>
                    <!--echos the error-->
                    <!--no more cars available-->
                </div>

                <div id="successbox">
                    <?php echo $success; ?>
                    <!--echos the success-->
                    <!--car has been rented-->
                </div>
            </div>

            <br style="clear:both;" />
            <!--clears the float-->
            <div id="footer">
                XYZ Car Rental™
            </div>
        </div>
    </body>
</html>

I know the code is a bit of a headache; any help would be great!

1 Answer:

Answer 0: (score: 1)

There are a lot of problems here.

First, you are using mysql_* when you should be using PDO or MySQLi. See here

Second,

echo "<form action=rent_car.php method=post>";

should be:

echo "<form action='rent_car.php' method='POST'>";

Third, you are using a constant instead of a string:

if ($username!==Administrator){

should be

if ($username!=='Administrator'){

Fourth, you are vulnerable to SQLi attacks:

mysql_query ("UPDATE cars SET available=available-1 WHERE id='$_POST[hidden]'");
mysql_query("INSERT INTO rentedcars(REAL_ID,ID,CARMAKE,CARMODEL,FUELTYPE,TRANSMISSION,ENGINESIZE,DOORS,DATEADDED,USERNAME) SELECT '',id,carmake,carmodel,fueltype,transmission,enginesize,doors,dateadded,'$username' FROM cars WHERE id='$_POST[hidden]'");

You are also missing quotes in a lot of places.

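The reason you have to refresh the page again to see the updated content is that you are fetching the data before you update it. It should be the other way around. Update the data first, then fetch: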

So put this:

$result = mysql_query ($query, $link);//result = query

below the if that checks whether anything was posted:

 if (isset($_POST['submit'])){//if submit is pressed, execute

Put the select query below the IF. This should solve the current problem. However, please do not ignore all the others.
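
The fixes named in the answer, combined in one handler, as an added example that is not part of the original question or answer: the POST is processed before the SELECT, the queries use PDO prepared statements, and output is quoted and escaped. Assumptions: the function name `rentCar`, the user `alice`, the trimmed column list and the in-memory SQLite database are constructed so the block runs offline; with MySQL only the PDO connection string changes.

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// question; the in-memory SQLite database and its rows are constructed.
// Rent one car. Values are bound as parameters, never interpolated into SQL.
function rentCar(PDO $db, int $carId, string $username): bool
{
    $db->beginTransaction();
    try {
        // The database decides availability, not the posted "available" field.
        $upd = $db->prepare(
            'UPDATE cars SET available = available - 1 WHERE id = ? AND available > 0');
        $upd->execute([$carId]);
        if ($upd->rowCount() !== 1) {          // unknown id, or none left
            $db->rollBack();
            return false;
        }
        $ins = $db->prepare(
            'INSERT INTO rentedcars (id, carmake, carmodel, username)
             SELECT id, carmake, carmodel, ? FROM cars WHERE id = ?');
        $ins->execute([$username, $carId]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');               // constructed stand-in database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cars (id INTEGER PRIMARY KEY, carmake TEXT, carmodel TEXT, available INTEGER)');
$db->exec('CREATE TABLE rentedcars (real_id INTEGER PRIMARY KEY, id INTEGER, carmake TEXT, carmodel TEXT, username TEXT)');
$db->exec("INSERT INTO cars VALUES (1, 'Ford', 'Focus', 1)");

// Constructed values for $_POST['hidden']: valid, non-integer, valid again.
foreach (['1', "1' OR '1'='1", '1'] as $hidden) {
    // 1) Handle the POST first; anything that is not an integer is rejected.
    $carId = filter_var($hidden, FILTER_VALIDATE_INT);
    $message = $carId === false ? 'Invalid car id.'
        : (rentCar($db, $carId, 'alice') ? 'Car Rented.' : 'None available.');
    // 2) Only then SELECT, so the page shows the updated count.
    foreach ($db->query('SELECT * FROM cars', PDO::FETCH_ASSOC) as $row) {
        // Quote and escape every attribute value written into the HTML.
        echo '<input type="text" name="available" value="',
            htmlspecialchars((string) $row['available'], ENT_QUOTES), "\">\n";
    }
    echo htmlspecialchars($message), "\n";
}
```

The three constructed requests produce "Car Rented.", "Invalid car id." and "None available." in turn, and the `available` value shown after the first request is already 0 without a second page load.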