为了安全起见,我想从URL中删除客户ID。当前,当我单击表中的一行时,将显示“客户”页面。客户页面的URL将显示以下内容。
http://localhost/test/view_customer?customer_id=12&operation=edit
显示客户详细信息的行使用以下代码链接到客户页面
onclick="window.location='view_customer?customer_id=<?php echo htmlentities ($row['id']) ?>&operation=edit';"
如何避免回显customer_id,但又有可用数据?可以使用$ _POST进行此操作吗?我将如何编辑代码?
答案 0 :(得分:5)
您可以:
import psycopg2 as p
conn = p.connect("dbname=Chicago user=postgres password=admin host=localhost ")
cur = conn.cursor()
cur.execute("select * from chicago_2po_4pgr group by id")
nbrows = cur.rowcount
rows = cur.fetchall()
elev=result[1].text
x=result[0][1].text
y=result[0][0].text
//I'm getting elev,x and y after using api google elevation request
for j in range (0,nbrows):
xs=str(rows[j][14])
ys=str(rows[j][15])
xt=str(rows[j][16])
yt=str(rows[j][17])
el_1=str(rows[j][30])
el_2=str(rows[j][31])
if x==xs and y==ys and el_1=='None':
cur.execute("update chicago_2po_4pgr set elev_1=%s where
x1=%s and y1=%s" %(elev,xs,ys))
if x==xt and y==yt and el_2=='None':
cur.execute("update chicago_2po_4pgr set elev_2=%s where
x2=%s and y2=%s" %(elev,xt,yt))
及其值进行加密,并将其保留在url中customer_id存储在php会话中customer_id重写URL(URL可以变成.htaccess)希望有帮助! :)
答案 1 :(得分:0)
您可以在HTML中放置一个虚拟表单:
<form id="editform" method="POST" action="view_customer.php" style="display:none">
<input id="customer_id" name="customer_id" type="hidden" />
<input id="operation" name="operation" type="hidden" value="edit" />
</form>
添加脚本以发布表单:
<script type="text/javascript">
function edit(customer_id) {
var cid = document.getElementById('customer_id');
cid.value = customer_id;
var f = document.getElementById('editform');
f.submit();
}
</script>
然后将您的点击代码更改为
onclick="edit(<?php echo htmlentities ($row['id']) ?>)"
这会将值发布到view_customer.php,在该代码中,您只需将$_GET更改为$_POST。