PHP url参数传递给其他php页面

时间:2011-10-12 07:23:37

标签: php url parameters

我有问题通过url参数将值传递给其他页面。我想通过点击REJECT按钮拒绝基于所选bookingID的预订。但是,bookingID值未传递到其他网页,网址显示为http://localhost/tablesortapprovebook/approve_booking.php?bookingID=

这是我的编码部分:

的index.php

<head>
<script src="jquery-latest.js" type="text/javascript"></script>
<script src="jquery.tablesorter.js" type="text/javascript"></script>
<script>
$(document).ready(function() {
$("#myTable").tablesorter({widgets: ['zebra']});
});

$(document).ready(function() 
{ 
    $("#myTable").tablesorter(); 
} 
);

$(document).ready(function() 
{ 
    $("#myTable").tablesorter( {sortList: [[0,0], [1,0]]} ); 
} 
);
</script>
<link href="style.css" rel="stylesheet" type="text/css">
<link href="stylelogin.css" rel="stylesheet" type="text/css">
</head>
<body>

<?php

include("dbconfig.php");

$query = "SELECT customer.companyName, customer.contactName, eventinfo.eventTitle,boothAlias,date, testbook.bstatus, testbook.username, bookingID  from eventinfo, testbook, customer where testbook.username=customer.username AND testbook.eventID=eventinfo.eventID";

$o = '<table id="myTable" class="tablesorter" width="930px"><thead><tr><th>Company Name</th><th>Contact Name</th><th>Event</th><th>Booth</th><th>Date</th><th>Status</th></tr></thead><tbody>';



$result = mysql_query($query);
        while($row=mysql_fetch_array($result))
        {
        $boothAlias=stripslashes($row["boothAlias"]);
        $eventTitle=stripslashes($row["eventTitle"]);
        $date=stripslashes($row["date"]);
        $bstatus=stripslashes($row["bstatus"]);
        $companyName=stripslashes($row["companyName"]);
        $contactName=stripslashes($row["contactName"]);
        $bookingID=stripslashes($row["bookingID"]);


if($bstatus==0){
    $status="Pending";
}else if($bstatus==1){
    $status="Successful";
}else{
    $status="Reject";
}


$o .= '<tr><td width="120px">'.$companyName.'</td><td width="120px">'.$contactName.'</td><td width="180px">'.$eventTitle.
'</td><td width="70px">'.$boothAlias.'</td><td width="170px">'.$date.'</td><td width="70">'.$status.'</td><td>'.$bookingID.'
</td><td width="100"><input type="hidden" name="bookingID" value="<?php echo $bookingID; ?>" ><a href="approve_booking.php?bookingID=".$bookingID.
" name="REJECT" id="REJECT"><input width="100px" name="REJECT" type="submit" id="REJECT" value="Reject"></a></td></tr>';
}

$o .= '</tbody></table>';

echo $o;
?>

</body>

approve_booking.php

<?php

mysql_connect("localhost", "root", "") or die (mysql_error());
mysql_select_db("eventdb") or die (mysql_error());

$booking=$_GET['bookingID'];
echo $booking;

if(isset($_POST['APPROVED']))
    {

        $query2 = "UPDATE testbook SET bstatus ='0' WHERE bookingID='$booking'";
            $result2 = @mysql_query($query2);
    }


if (isset($_POST['REJECT']))
    {
        $query3 = "UPDATE testbook SET bstatus ='2' WHERE bookingID='$booking'";
            $result3 = @mysql_query($query3);

    }



?>

2 个答案:

答案 0 :(得分:0)

我真的不知道你的问题是什么,但尝试$ _REQUEST ['....']而不是$ _GET ['...']。

顺便提一下,你有一个SQL注入漏洞:

$booking=$_GET['bookingID'];

将其替换为:

$booking=mysql_escape_string($_GET['bookingID']);

答案 1 :(得分:0)

这里有很多无效的语言用法。你的具体问题:

 '</td><td width="100"><input type="hidden" name="bookingID"
   value="<?php echo $bookingID; ?>" >
 <a href="approve_booking.php?bookingID=".$bookingID." name="REJECT"'

您处于'单引号'上下文中,".$bookingID."因此不起作用。实际上,不正确的双引号只会终止HTML属性。

上面的<?php echo...也不会在字符串中起作用(无论是单引号还是双引号)。