我有问题通过url参数将值传递给其他页面。我想通过点击REJECT按钮拒绝基于所选bookingID的预订。但是,bookingID值未传递到其他网页,网址显示为http://localhost/tablesortapprovebook/approve_booking.php?bookingID=
这是我的编码部分:
的index.php
<head>
<script src="jquery-latest.js" type="text/javascript"></script>
<script src="jquery.tablesorter.js" type="text/javascript"></script>
<script>
$(document).ready(function() {
$("#myTable").tablesorter({widgets: ['zebra']});
});
$(document).ready(function()
{
$("#myTable").tablesorter();
}
);
$(document).ready(function()
{
$("#myTable").tablesorter( {sortList: [[0,0], [1,0]]} );
}
);
</script>
<link href="style.css" rel="stylesheet" type="text/css">
<link href="stylelogin.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
include("dbconfig.php");
$query = "SELECT customer.companyName, customer.contactName, eventinfo.eventTitle,boothAlias,date, testbook.bstatus, testbook.username, bookingID from eventinfo, testbook, customer where testbook.username=customer.username AND testbook.eventID=eventinfo.eventID";
$o = '<table id="myTable" class="tablesorter" width="930px"><thead><tr><th>Company Name</th><th>Contact Name</th><th>Event</th><th>Booth</th><th>Date</th><th>Status</th></tr></thead><tbody>';
$result = mysql_query($query);
while($row=mysql_fetch_array($result))
{
$boothAlias=stripslashes($row["boothAlias"]);
$eventTitle=stripslashes($row["eventTitle"]);
$date=stripslashes($row["date"]);
$bstatus=stripslashes($row["bstatus"]);
$companyName=stripslashes($row["companyName"]);
$contactName=stripslashes($row["contactName"]);
$bookingID=stripslashes($row["bookingID"]);
if($bstatus==0){
$status="Pending";
}else if($bstatus==1){
$status="Successful";
}else{
$status="Reject";
}
$o .= '<tr><td width="120px">'.$companyName.'</td><td width="120px">'.$contactName.'</td><td width="180px">'.$eventTitle.
'</td><td width="70px">'.$boothAlias.'</td><td width="170px">'.$date.'</td><td width="70">'.$status.'</td><td>'.$bookingID.'
</td><td width="100"><input type="hidden" name="bookingID" value="<?php echo $bookingID; ?>" ><a href="approve_booking.php?bookingID=".$bookingID.
" name="REJECT" id="REJECT"><input width="100px" name="REJECT" type="submit" id="REJECT" value="Reject"></a></td></tr>';
}
$o .= '</tbody></table>';
echo $o;
?>
</body>
approve_booking.php
<?php
mysql_connect("localhost", "root", "") or die (mysql_error());
mysql_select_db("eventdb") or die (mysql_error());
$booking=$_GET['bookingID'];
echo $booking;
if(isset($_POST['APPROVED']))
{
$query2 = "UPDATE testbook SET bstatus ='0' WHERE bookingID='$booking'";
$result2 = @mysql_query($query2);
}
if (isset($_POST['REJECT']))
{
$query3 = "UPDATE testbook SET bstatus ='2' WHERE bookingID='$booking'";
$result3 = @mysql_query($query3);
}
?>
答案 0 :(得分:0)
我真的不知道你的问题是什么,但尝试$ _REQUEST ['....']而不是$ _GET ['...']。
顺便提一下,你有一个SQL注入漏洞:
$booking=$_GET['bookingID'];
将其替换为:
$booking=mysql_escape_string($_GET['bookingID']);
答案 1 :(得分:0)
这里有很多无效的语言用法。你的具体问题:
'</td><td width="100"><input type="hidden" name="bookingID"
value="<?php echo $bookingID; ?>" >
<a href="approve_booking.php?bookingID=".$bookingID." name="REJECT"'
您处于'
单引号'
上下文中,".$bookingID."
因此不起作用。实际上,不正确的双引号只会终止HTML属性。
上面的<?php echo...
也不会在字符串中起作用(无论是单引号还是双引号)。