在我的表中,我有各种请求,每个请求都有自己的参考号。 用户可以看到页面上的请求数,但我希望用户能够单独单击每个请求并转到新页面以查看该请求的具体详细信息。
我试图在单击请求时回显超链接中的引用,并在下一页上运行查询以检索该请求的名称等时,它将仅显示与该引用号匹配的信息,即{ {1}}
但是我不知道如何做到这一点,我也担心这是安全的,如果我的查询检查我的网址中的引用,即'SELECT * WHERE reference = $row['reference'].,是什么阻止用户只需手动输入在网址中有不同的参考编号?
mypage.php?reference=1234如果用户实际点击了请求,他们应该只能查看该页面,他们永远不能将其直接输入到网址中,因为这会带来安全风险。
我可能会将我的引用掩盖到字符串中吗?并回显'mypage.php?reference=2468
page1.php中
mypage.php?reference=$someStringmypage.php
<div class="results_area">
<h44>Existing Supplier Request's</h44>
<?php
$conn = new mysqli($host, $username, $password, $db_name);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error); }
$sql = "select * from new_supplier_request where status!= 'complete' AND action_taken='actioned'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo '<div class="table_header"><p>Request By</p><p>Date Requested</p><p>Status</p><p>Supplier Name</p><p>Description</p><p>Action</p></div>'; ?>
</div>
<div class="results_area"><?php
while($row = $result->fetch_assoc()) {
echo '<div class="request"><a href="ns_application.php?ns_request='.$row['reference'].'/">';
答案 0 :(得分:0)
You can use JavaScript to solve this problem.
I don't think that this will be 100% secure but actually it's more secure way than you are using now.
echo "<div .... onclick='showuniquereference('".$row['reference']."')'>"."</div>";
And Function like this
function showuniquereference(code)
{
var reference = code;
var form = document.createElement("form");
form.method = "POST";
form.action = "mypage.php";
var input = document.createElement("input");
input.name = "reference";
input.value = reference;
input.type = "hidden";
form.appendChild(input);
document.body.appendChild(form);
form.submit();
}
You can use this posted data to show unique reference to users.