我通过创建导致include()文件的GET VARS在我的页面上使用PHP模板。我在博客页面上有一个评论系统,它在提交时发送一个AJAX GET请求。但是,当用户单击提交时,所有变量都会转到url,我的php模板脚本无法识别它,为了安全起见,只需重定向回主页。我该如何避免这种情况?
AJAX代码:
<script>
function postComment() {
if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
}
else {// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
document.getElementById("commentHint").innerHTML = xmlhttp.responseText;
}
}
var comment = document.getElementById("commenter").value;
var id = document.getElementById("postID").value;
xmlhttp.open("GET", "commentpost.php?comment=" + comment + "&postID=" + id, true);
xmlhttp.send();
}
setTimeout("postComment()", 1000);
</script>
<form>
<div id="comment">
<textarea name="comment" id="commenter" rows="4" cols="125" style="max-width: 950px; max-height: 140px;" placeholder="<?php echo $_SESSION["name"] ?>, Write Your Comment Here" class="form-control"></textarea><br>
<div id="commentHint"></div>
<input type="submit" onclick="postComment()" value="Submit Comment" class="btn btn-success btn-sm ">
<input type="hidden" value="<?php echo $post_id ?>" id="postID">
</div>
</form>
模板代码:
$p = $_GET["page"];
if (preg_match("</^[a-zA-Z ]*$/>", $p)) {
session_start();
session_destroy();
header("location: index.php?error=2");
} else {
switch ($p) {
case "2";
include("about.php");
break;
case "3";
include("games.php"); //CREATE PAGES
break;
case "4";
include("blog.php"); <== THIS PAGE IS THE BLOG PAGE
break;
case "5";
include("info.php");
break;
case "6";
include("settings.php");
break;
case "7";
include("functiontest.php");
break;
case "8";
include("styletech.php");
break;
case "9";
include("userlist.php");
break;
case "10";
include("adminpanel.php");
break;
case "11";
include("StyleTuts/styletech.php");
break;
default:
include("home.php");
break;
}
}