【Posted】: 2020-03-19 18:07:55
【Question】:
This is my code. It is for removing a borrower. When the process succeeds, it should go to books.php, but instead it goes to my index page.
<?php
if (isset($_POST['return'])) {
require 'include.dbh.php';
$id = $_POST['return'];
$sqlr = "DELETE FROM borrower WHERE id=" . $id;
echo $sqlr;
if (mysqli_query($conn, $sqlr)) {
header("Location: ../books.php?borrowedbookhasbeenreturned");
exit();
} else {
header("Location ../books.php?error=connectionerror");
exit();
}
mysqli_close($conn);
} else {
header("Location: ../books.php");
}
?>
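This is the code of my book.php; I'm also a beginner in PHP. When the button is clicked, it sends the borrower's id to the code above, which then does its thing. That works fine, but instead of redirecting me to the page it should, it redirects me to index.php.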
<?php
session_start();
if (!isset($_SESSION['userID'])) {
header("Location: ../login.php");
} else if (!isset($_POST['submit'])) {
header("Location: index.php");
} else {
$butt = $_POST['submit'];
require 'php/include.dbh.php';
$sql = "SELECT * FROM bookinfo WHERE btitle='" . $butt . "'";
if ($result = $conn->query($sql)) {
while ($row = $result->fetch_assoc()) {
$ID = $row['bid'];
$bookname = $row['btitle'];
$desc = $row['bdesc'];
$q = $row['quantity'];
$img = $row['imgpath'];
}
/*freeresultset*/
$result->free();
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="css/up.css">
<link rel="icon" href="img/favicon.jpg">
<meta name="viewport" content="width=device-width">
</head>
<body>
<div class="content">
<div class="header">
<table class="heading">
<tr>
<td>
<span class="title">Seshat</span>
<span class="tag"> | a faster way to record books</span>
</td>
<td style="text-align: right;">
<span class="title">Book Details</span>
</td>
</tr>
</table>
<hr>
<div class="cheader">Book Details</div>
<div class="cbody">
<div class="booktitle">
<table>
<tr>
<td>
<label for="">Title: </label>
<span><?php echo $bookname; ?></span>
</td>
<td>
<label for="">Book ID:</label>
<span name="bid"><?php echo $ID; ?></span>
</td>
</tr>
</table>
</div>
<hr>
<div>
<label for="">total quantity: </label>
<span><?php echo $q; ?></span>
</div>
<br>
<div class="description">
<label for="">Description </label>
<div>
<p>
<?php
echo $desc;
?>
</p>
</div>
</div>
<div class="buttons">
<div onclick="show()" id="s" name="borrow">Borrow</div>
<form action="php/include.discard.php" method="POST">
<button value="<?php echo $bookname; ?>" type="submit" name="discard"
title="Delete this Book">Discard</button>
</form>
</div>
</div>
<div class="cheader">Book Details</div>
<div class="cbody">
<form action="php/include.return.php" method="POST">
<div class="users">
<table border="1">
<thead>
<td id="asize">Book ID</td>
<td id="asize">Name</td>
<td id="asize">Grade And Section</td>
<td id="asize">LRN</td>
<td id="asize">Borrowed date</td>
<td id="asize">Date Of expected return</td>
<td id="asize" class="v">Actions</td>
</thead>
<!-- ----------------------------------- -->
<?php
$sqlb = "SELECT * FROM borrower where gid='" . $butt . "'";
if ($result = $conn->query($sqlb)) {
while ($row = $result->fetch_assoc()) {
$field1name = $row["bid"];
$field2name = $row["fname"] . " " . $row["lname"];
$field3name = $row["grade"] . " - " . $row["section"];
$field4name = $row["lrn"];
$field5name = $row["dob"];
$field6name = $row["der"];
$id = $row['id'];
echo '<tr>
<td>' . $field1name . '</td>
<td>' . $field2name . '</td>
<td>' . $field3name . '</td>
<td>' . $field4name . '</td>
<td>' . $field5name . '</td>
<td>' . $field6name . '</td>
<td><button type="submit" name="return" value="' . $id . '" class="edit" title="return the books">Return</button></td>
</tr>';
}
$result->free();
}
?>
<!-- ------------------------------------------- -->
</table>
</div>
</form>
</div>
<br>
<hr><br>
<div id="f">
<div class="cheader">Borrow Form</div>
<div class="cbody" id="form">
<span style="margin:20pt 20pt;">Student</span>
<form class="" action="php/include.book.php" method="post">
<div class="student">
<table class="formt">
<tr>
<td>
<span>First Name</span>
<br>
<input id="nem" type="text" name="fn" value="">
</td>
<td>
<span>Last Name</span>
<br>
<input type="text" name="ln" value="">
</td>
<td>
<span>Grade And Section</span><br>
<input style="width:30%;" name="g" type="number" placeholder="Grade" value="">
<input style="width:50%;" type="text" placeholder="Section" name="s" value="">
</td>
<td>
<span style="font-size:10pt">Learner's Reference Number</span>
<br>
<input type="text" name="lrn" value="">
</td>
</tr>
</table>
</div>
<span style="margin:20pt 20pt;">Book</span>
<div class="student">
<table class="formt">
<tr>
<td>
<span>Book ID</span>
<br>
<input type="text" name="bid">
</td>
<td>
<span style="font-size: 8pt;">Date of Borrowing and the day of expected
return</span>
<br>
<input type="date" name="dob" style="width:40%;">
<input type="date" name="der" style="width:40%;">
</td>
</tr>
</table>
</div>
<br>
<div class="buttons">
<button type="submit" <?php echo "value='" . $butt . "'"; ?> name="submit">Submit</button>
<button type="reset">Reset</button>
</div>
</div>
</form>
</div>
<div id="last">
<form action="php/include.book.php" method="POST" enctype="multipart/form-data">
<div id="bt" class="buttons">
<button type="submit" name="back">Back to Main</button>
</div>
</form>
</div>
</div>
</div>
</div>
<script type="text/javascript">
function show() {
if (document.getElementById("f").style.height < "384px") {
document.getElementById("f").style.transition = ".5s";
document.getElementById("f").style.height = "384px";
document.getElementById("f").style.opacity = "1";
document.getElementById("s").innerHTML = "Close";
document.getElementById("bt").style.top = "0pt";
} else {
document.getElementById("f").style.transition = ".5s";
document.getElementById("f").style.height = "0px";
document.getElementById("f").style.display = "0";
document.getElementById("s").innerHTML = "Borrow";
document.getElementById("bt").style.top = "-20pt";
}
}
</script>
</body>
</html>
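【Comments】:
-
By the way, don't simply append $id to the end of the query. This leaves you vulnerable to SQL injection.
-
Relative URLs ../books.php?borrowedbookhasbeenreturned?
-
What happens if you put the full absolute URL? Never used header() with relative URLs, though. Also, you're missing a : in one of your headers().
-
Can you post the code of books.php?
-
header("Location: ../books.php?borrowedbookhasbeenreturned"); This is not valid PHP. You need to pass a parameter in the URL. What parameter does the "borrowedbookhasbeenreturned" value relate to?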
Tags: php
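
An added example, not part of the original post or its comments: a variant of the return handler from the question that uses a bound parameter instead of appending the id to the query, and writes every `Location:` header with its colon. It assumes include.dbh.php sets `$conn` to a live mysqli connection; the `redirect()` helper and the `error=invalidid` / `error=notfound` codes are hypothetical.

```php
<?php
// Added example, not the asker's code: return handler using a bound parameter.
// Assumes include.dbh.php sets $conn to a live mysqli connection, as in the question.

// Hypothetical helper: redirect to books.php and stop. Nothing may be echoed
// before this runs, otherwise the header cannot be sent.
function redirect(string $query = ''): void
{
    header('Location: ../books.php' . ($query !== '' ? '?' . $query : ''));
    exit();
}

if (!isset($_POST['return'])) {
    redirect();
}

// The borrower id is an integer key: reject anything else before it reaches SQL.
$id = filter_input(INPUT_POST, 'return', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    redirect('error=invalidid'); // hypothetical error code
}

require 'include.dbh.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

$deleted = -1; // stays -1 if the statement fails
try {
    // The SQL text is fixed; the id travels separately as a typed parameter.
    $stmt = mysqli_prepare($conn, 'DELETE FROM borrower WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $deleted = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    error_log('return handler: ' . $e->getMessage()); // log it, never echo SQL
}
mysqli_close($conn);

if ($deleted < 0) {
    redirect('error=connectionerror');
}
redirect($deleted === 1 ? 'borrowedbookhasbeenreturned' : 'error=notfound');
```

The same binding applies to the `SELECT` queries in books.php, where `$butt` is concatenated into a quoted string.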