我无法让Framework7在下一页上使用网址变量?username=User1。
它生成并分配给第1页的链接,但不会在第2页的SQL查询或echo语句中使用。
第1页使用;
在超链接中设置变量profile.php?username=<?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?>
第2页'获取'变量使用;
<?php $username = (isset($_GET['username']))? trim(strip_tags($_GET['username'])) : ""; ?>
Framework7是一个Web应用程序框架 - www.idangero.us/framework7 /.
编辑添加profile.php的完整源代码,即使用变量。
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: index.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to index.php");
}
// Everything below this point in the file is secured by the login system
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$query = "
SELECT
id,
username,
email
FROM users WHERE username = '$username'
";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();
?>
<?php include('header.php') ?>
<div class="pages navbar-through toolbar-through">
<div class="page" data-page="profile">
<div class="page-content">
<div class="content-block">
<div class="content-block-inner">
<?php
print_r($_GET);
?>
<p>Profile content will go here - <?php echo '&username'; ?></p>
<?php foreach($rows as $row): ?>
<div>Username: <?php echo $row['username'] ?></div>
<div>Location: <?php echo $row['email'] ?></div>
<?php endforeach; ?>
<a href="private.php">Go Back</a><br />
</div>
</div>
</div>
</div>
</div>
<?php include('footer.php') ?>
我还打印了$GET变量,可以看到实际传递了变量值 - 由于某种原因它只是没有在查询中使用。
答案 0 :(得分:1)
您尚未分配$username变量,您应该使用以下内容:
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: index.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to index.php");
}
// Everything below this point in the file is secured by the login system
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$username = (isset($_GET['username']))? trim(strip_tags($_GET['username'])) : "";
$query = "
SELECT
id,
username,
email
FROM users WHERE username = '$username'
";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();
?>
<?php include('header.php') ?>
<div class="pages navbar-through toolbar-through">
<div class="page" data-page="profile">
<div class="page-content">
<div class="content-block">
<div class="content-block-inner">
<?php
print_r($_GET);
?>
<p>Profile content will go here - <?php echo $username; ?></p>
<?php foreach($rows as $row): ?>
<div>Username: <?php echo $row['username'] ?></div>
<div>Location: <?php echo $row['email'] ?></div>
<?php endforeach; ?>
<a href="private.php">Go Back</a><br />
</div>
</div>
</div>
</div>
</div>
<?php include('footer.php') ?>
您还应该在进入数据库之前逃避输入