我忘记了如何正确地做到这一点。我基本上想要一个PHP页面将数据发送到数据库(submitscore.php),另一个从数据库中获取它们并将它们显示在表格中(showscore.php):
submitscore.php:
if(isset($_POST['score']) && isset($_POST['playername']))
{
$scorefromflash = mysql_real_escape_string($_POST['score']);
$namefromflash = mysql_real_escape_string($_POST['playername']);
$con = mysql_connect("servername","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("testdb", $con);
$sql = "INSERT INTO test (Name, Score) VALUES ('$namefromflash', '$scorefromflash')";
header("./showscore.php");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
}
?>
showscore.php
<?php
$con = mysql_connect("server","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("testdb", $con);
echo ("Name: ".$namefromflash);
echo ("Score: ".$scorefromflash);
$result = mysql_query("SELECT * FROM test ORDER BY Score DESC");
echo "<table border='1'>
<tr>
<th>Name</th>
<th>Score</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Name'] . "</td>";
echo "<td>" . $row['Score'] . "</td>";
echo "</tr>";
}
echo "</table>";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
我问,因为这样做会在Notice: Undefined index: score
页面上显示错误Notice: Undefined index: playername
和submitscore.php
。
它没有在数据库中插入任何记录,也没有显示表格。
感谢。
答案 0 :(得分:2)
您的codes
容易受sql injection
攻击,在将值插入数据库之前应使用mysql_real_escape_string
函数。
你不需要
$scorefromflash = $_POST['score'];
$namefromflash = $_POST['playername'];
在show score页面中......
答案 1 :(得分:1)
这是代码,对我有用:
submitscore.php:
<?php
if(isset($_REQUEST['score']) && isset($_REQUEST['playername']))
{
$con = mysql_connect("host","user","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$scorefromflash = mysql_real_escape_string($_REQUEST['score']);
$namefromflash = mysql_real_escape_string($_REQUEST['playername']);
$sql = "INSERT INTO test (Name, Score)
VALUES ('$namefromflash', '$scorefromflash')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
header("Location: showscore.php");
}
?>
showscore.php
<?php
$con = mysql_connect("host","user","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$result = mysql_query("SELECT * FROM test ORDER BY Score DESC");
if (!$result)
{
die('Error: ' . mysql_error());
}
echo "<table border='1'>
<tr>
<th>Name</th>
<th>Score</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Name'] . "</td>";
echo "<td>" . $row['Score'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
插入数据后,它会将您重定向到页面,其中显示包含所有数据的表格。更改数据库凭据。这是我用于测试的GET请求:
http://domain/submitscore.php?score=1&playername=2
答案 2 :(得分:0)
我认为你试图设置一个标题,用$_POST['score'] and $_POST['playername']
在submitscore.php中尝试:
header("location: ./showscore.php?player=$namefromflash&score=$scorefromflash");
并在showscore.php内使用:
$scorefromflash = $_REQUEST['score'];
$namefromflash = $_REQUEST['playername'];
答案 3 :(得分:0)
首先:你的代码不是保存。使用mysql_escape_string
这不是一个真正的错误。它(就像它说的那样)是一个通知。您不使用isset
函数来检查变量是否已设置。这些变量有可能没有值,因为之前的页面没有发送它。
如果您使用而不是
$scorefromflash = $_POST['score'];
使用它:
$scorefromflash = isset($_POST['score'])?$_POST['score']:null
然后这个通知就会消失。也适用于其他$_POST
值