该ID不会通过表单提交从1页发送到另一页

时间:2015-04-06 17:55:23

标签: php

我正在尝试将用户名从1页发送到下一页,只需单击表单即可发送图像详细信息,但用户名不是。

<?php

    // Connect to server and select database.
    include("connect.php");

    //Get username from address bar
    $username=$_GET['id'];

    $sql="SELECT * FROM image_upload WHERE user = '$username'";
    $result=mysql_query($sql);
    $row=mysql_fetch_array($result);

    //test is username is being sent to this page
    echo "select image to $username folder";
?>

<form action="process.php?id=<?php echo $row['username']; ?>" method="post"  enctype="multipart/form-data">
    <input type="file" name="image">
    <p>
    <input type="submit" name="submit" value="Upload">
</form>

以下是process.php页面的代码,这就是问题所在。

<?php

include("connect.php");

$username=$_GET['id'];
if(isset($_POST['submit']))
{
    $sql="SELECT * FROM image_upload WHERE user = '$username'";
    $result=mysql_query($sql);
    $row=mysql_fetch_array($result);

    $imageName = mysql_real_escape_string($_FILES["image"]["name"]);
    $imageData = mysql_real_escape_string(file_get_contents($_FILES["image"]["tmp_name"]));
    $imageType = mysql_real_escape_string($_FILES["image"]["type"]);
    $tmp_name  = mysql_real_escape_string($_FILES["image"]["tmp_name"]);

    //Get current working directory
    $curdir = getcwd();

    //testing uploaded file is an image
    if(substr($imageType,0,5) == "image")
    {
         //testing out information has passed over
         echo "$username";
         echo "<br>";
         echo "$curdir now has $imageType";
         echo "<br>";
         echo "$imageName";
         echo "<br>";
    }else{
         echo "Sorry images only";
    }
}
?>

2 个答案:

答案 0 :(得分:1)

使用POST时不要在action属性中放置值,除非您希望它们被浏览器剥离。即使使用GET,也不好将值放在action中。将它们放在<input type='hidden' /> 

<form action="process.php" method="post"  enctype="multipart/form-data">
    <input type="hidden" name="id" value="<?php echo $row['username']; ?>" />
    <input type="file" name="image">
    <p>
    <input type="submit" name="submit" value="Upload">
</form>

答案 1 :(得分:1)

<?php

    // Connect to server and select database.
    include("connect.php");

    //Get username from address bar
    $username=$_GET['id'];

    //Validate and Sanitize the username

    $sql="SELECT * FROM image_upload WHERE user = '$username'";
    $result=mysql_query($sql);
    $row=mysql_fetch_array($result);
    /*
      you already have the username from $_GET[]
      but if you want it from image_upload
      you need to use the correct column name to start.

      Look at your query WHERE user = '$username'";
      "user" is the column name, so......
    */
    $userid = $row['user'];

    //test is username is being sent to this page
    echo "select image to $username folder";

    // Personally I'd pass the username in the form as a hidden input
?>

<form action="process.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="id" value="<?php echo $userid; ?>" />
    <input type="file" name="image">
    <p>
    <input type="submit" name="submit" value="Upload">
</form>

更新版本 

<?php

    //Get username from address bar -- sanitize it
    $username = strip_tags(trim($_GET['id'])); 

    // Connect to server and select database.
    include("connect.php");
    $n = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM image_upload WHERE user = '$username'"),0);
    IF ($n) {

        $response = '
<form action="process.php" name="myform" method="post" enctype="multipart/form-data">
    <input type="hidden" name="id" value="'.$username.'">
    <input type="file" name="image">
    <input type="submit" name="submit" value="Upload">
</form>';

    }ELSE{

        $response = "<p>No match for ".$username."</p>";

    }
    mysql_close($connection); // change this to match your $conn var

    echo $response;

?>
相关问题
最新问题