PHP post button with different results

Time: 2014-05-05 22:44:38

Tags: php

if(preg_match("/norm/i", $drop) && $ruavalue === "0" || $ruavalue === "2")
{
echo '<form action="" method="post">';
echo "<input name=\"drop1\" type=hidden value='".$drop."'>";
echo "<input name=\"boss\" type=hidden value='".$_POST['tier_two']."'>";
echo "<input name=\"main\" type=hidden value='".$_COOKIE['ID_my_site']."'>";
echo '<input type="submit" name="ruasubmit" value="RUA!" />';
echo '</form>';
Echo "drop = ";
echo $drop;
echo '<p>';
echo "ruavalue = ";
echo $ruavalue;

} elseif(preg_match("/hc/i", $drop) && $ruavalue === "0" || $ruavalue === "1") {
echo '<form action="" method="post">';
echo "<input name=\"drop1\" type=hidden value='".$drop."'>";
echo "<input name=\"boss\" type=hidden value='".$_POST['tier_two']."'>";
echo "<input name=\"main\" type=hidden value='".$_COOKIE['ID_my_site']."'>";
echo '<input type="submit" name="ruasubmit" value="RUA!" />';
echo '</form>';
Echo "drop = ";
echo $drop;
echo '<p>';
echo "ruavalue = ";
echo $ruavalue;
} else {
echo "You Have RUA'ed To This Boss";
}

if (isset($_POST['ruasubmit'])) {
    if (preg_match("/norm/i", $drop)) {

        //Normal Value Is 0 - No RUA Submitted
        if ($ruavalue == 0) {
            $ruaboss = $_POST['boss'];
            $ruauser = $_POST['main'];
            $ruasql = "UPDATE `RUASEXCELL` SET `$ruaboss`=1 WHERE Username = '$ruauser'";
            $add_rua = mysql_query($ruasql);
        }
        //Normal Value Is 1 - Normal RUA Submitted
        elseif ($ruavalue == 1) {
            echo "nothing to do";
        }

        //Normal Value Is 2 - Heroic RUA Submitted
        elseif ($ruavalue == 2) {
            $ruaboss = $_POST['boss'];
            $ruauser = $_POST['main'];
            $ruasql = "UPDATE `RUASEXCELL` SET `$ruaboss`=3 WHERE Username = '$ruauser'";
            $add_rua = mysql_query($ruasql);
        }
        //Normal Value Is 3 - Normal & Heroic RUA Submitted
        elseif ($ruavalue == 3) {
            echo "nothing to do";

        }
    }

    elseif (preg_match("/hc/i", $drop)) {
        //Heroic Value Is 0 - No RUA Submitted
        if ($ruavalue == 0) {
            $ruaboss = $_POST['boss'];
            $ruauser = $_POST['main'];
            $ruasql = "UPDATE `RUASEXCELL` SET `$ruaboss`=2 WHERE Username = '$ruauser'";
            $add_rua = mysql_query($ruasql);
        }

        //Heroic Value Is 1 - Normal RUA Submitted
        elseif ($ruavalue == 1) {
            $ruaboss = $_POST['boss'];
            $ruauser = $_POST['main'];
            $ruasql = "UPDATE `RUASEXCELL` SET `$ruaboss`=3 WHERE Username = '$ruauser'";
            $add_rua = mysql_query($ruasql);
        }
        //Heroic Value Is 2 - Heroic RUA Submitted
        elseif ($ruavalue == 2) {
            echo "nothing to do";
                }
        //Heroic Value Is 3 - Normal & Heroic RUA Submitted
        elseif ($ruavalue == 3) {
            echo "nothing to do";
        }

    }
}

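My current code above does not work at all. I'm not sure what I did wrong, but the idea is that when the button is pressed, PHP checks that it was clicked and then executes a SQL string based on the value of $ruavalue.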

1 answer:

Answer 0: (score: 1)

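  1. Please strongly consider using MySQLi rather than MySQL, which is going away soon.
  2. I would suggest pulling the common check for ruasubmit out into its own test and placing the four complex cases inside it. This is only to clean up the code.
  3. You do not sanitize the 'boss' and 'main' entries, which risks an SQL injection attack if the user could forge them.
  4. Of course, you have connected to the MySQL server correctly, and after the code shown you presumably check the status in $add_rua? Can you elaborate on "does not work at all"?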
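
Points 1 to 3 of the answer, sketched as an added example that is not part of the original question or answer: the update is moved to MySQLi, the column name from `boss` is checked against an allow-list (identifiers cannot be bound as parameters), and the username is bound. The column names in `RUA_BOSS_COLUMNS` and both function names are hypothetical; the 0/1/2/3 encoding is taken from the comments in the question's code.

```php
<?php
// Added example: hypothetical helpers, not code from the question or answer.
// Assumption: the boss columns of RUASEXCELL are known in advance.
// The names below are constructed placeholders.
const RUA_BOSS_COLUMNS = ['boss_one', 'boss_two', 'boss_three'];

// Next stored value for a boss column, using the question's encoding:
// 0 = none, 1 = normal, 2 = heroic, 3 = both. Null means "nothing to do".
function next_rua_value(string $drop, int $current): ?int
{
    if (preg_match('/norm/i', $drop)) {
        $bit = 1;
    } elseif (preg_match('/hc/i', $drop)) {
        $bit = 2;
    } else {
        return null;
    }
    $next = $current | $bit;
    return $next === $current ? null : $next;
}

function submit_rua(mysqli $db, string $boss, string $user, string $drop, int $current): bool
{
    // A column name cannot be a bound parameter, so it is accepted only
    // when it matches an allow-list entry exactly.
    if (!in_array($boss, RUA_BOSS_COLUMNS, true)) {
        return false;
    }
    $next = next_rua_value($drop, $current);
    if ($next === null) {
        return false;
    }
    // The username is data, so it is passed as a bound parameter.
    $stmt = $db->prepare("UPDATE `RUASEXCELL` SET `$boss` = ? WHERE Username = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('is', $next, $user);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed usage; the connection details are placeholders.
// $db = new mysqli('localhost', 'user', 'password', 'database');
// if (isset($_POST['ruasubmit'])) {
//     submit_rua($db, $_POST['boss'], $_POST['main'], $_POST['drop1'], (int) $ruavalue);
// }
```

The boolean result of `submit_rua` covers the status check raised in point 4.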