我有一张可以发布的表格。我也有一个成功连接的SQL数据库。但是,当我关闭页面时,用户输入消失。如何让用户输入页面内容的一部分,几乎就像留言簿一样?
<p onclick="myFunction()">Click here to share your personal testimony</p>
<div id="formwindow">
<form action="http://needjesuskneadjesus.org/perstest.php" method="post">
Name: <input type="text" name="name">
<span class="error">* <?php echo $nameErr; ?></span>
<br>
Email: <input type="text" name="email">
<span class="error">* <?php echo $emailErr; ?></span>
<br>
Personal Testimony:<br> <textarea name="personalTestimony" rows="10" cols="50"></textarea><br>
<input type="Submit">
</form>
</div>
<script>
function myFunction() {
document.getElementById("formwindow").style.display = "block";
}
</script>
</br>
<?php
echo "Name: " . $_POST['name'];
?>
</br>
<?php
echo "Email: " . $_POST['email'];
?>
</br>
<?php
echo "Personal Testimony: " . $_POST['personalTestimony'];
?>
</br>
/* Attempt MySQL server connection.
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$name = mysqli_real_escape_string($link, $_REQUEST['name']);
$email = mysqli_real_escape_string($link, $_REQUEST['email']);
$personalTestimony = mysqli_real_escape_string($link,
$_REQUEST['personalTestimony']);
// attempt insert query execution
$sql = "INSERT INTO personalTestimony (name, email, testimony) VALUES
('$name', '$email', '$personalTestimony')";
if(mysqli_query($link, $sql)){
echo "Thanks for sharing your personal testimony.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
*/
?>
答案 0 :(得分:0)
您可以使用PHP Sessions存储用户评论,这将显示旧评论
<?php
session_start();
$name;
$email;
$personalTestimony;
if($link === false){
die('ERROR: Could not connect.' . mysqli_connect_error());
}
if (!isset($_POST['name']) && !isset($_POST['email']) && !isset($_POST['personalTestimony'])) {
$name = $_POST['name']);
$email = $_POST['email'];
$personalTestimony = $_POST['personalTestimony']);
// attempt insert query execution
$sql = mysqli_prepare($link, "INSERT INTO personalTestimony (name, email, testimony) VALUES ('$name', '$email', '$personalTestimony'))";
if(mysqli_query($link, $sql)){
echo 'Thanks for sharing your personal testimony.';
} else{
echo 'ERROR: Could not able to execute $sql. ' . mysqli_error($link);
}
} elseif (!empty($_SESSION['name']) || !empty($_SESSION['email']) || !empty($_SESSION['testimony'])) {
$_SESSION['name'] = $name;
$_SESSION['email'] = $email;
$_SESSION['testimony'] = $personalTestimony;
}
}
// close connection
mysqli_close($link);
?>
我换了 mysqli_real_escape_string到mysqli_prepare,因为它的字符更少,并提供更多的安全性。您可以阅读更多相关信息here。
这只会在以太会话到期之前有效(您可以配置此here)或客户端清除其Cookie。