PHP不传递变量 [英] php not passing along variables
问题描述
我正在尝试为我的课程项目创建我的预订网站,并且已经完全脱离了我的联盟。我当前的问题涉及这样一个事实,即由于某种原因,我的代码正在向我的内置错误处理程序投掷,以验证是否输入了变量。
我的目标是创建一个页面查询我的数据库并返回哪些网站符合列出的要求(日期/设施),然后在另一个页面上回显出来我也在努力)。
我意识到我的代码很糟糕。公平地说,我在这方面非常糟糕。正如我在前一篇文章中所说的,我的教授把我推进了一个我没有背景并且没有做好准备的大型项目。
随机想法 - 我认为问题的一部分可能是phpmyadmin对日期使用了非常糟糕的格式(我认为它是年/月/日),这就是抛出错误的原因。当我试着用google搜索这个答案时,它希望我通过数据库结构转换数据,但该选项不是通过000webhost.com(它位于我的本地主机上)给出的。
新年快乐!
网址: https://campease.000webhostapp.com/index.php - 点击营地
标题代码:
<?php
@session_start();
require_once(includes / dbh.inc.php);
?>
<!DOCTYPE html>
< html>
< head>
< script src =https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js>< / script>
< script>
$(document).ready(function(){
$('#login-trigger')。click(function(){
$(this).next('#login-内容')。slideToggle();
(this).toggleClass('active');
if($(this).hasClass('active'))$(this) ('&#x25BC;')
}。 )
});
$(document).ready(function(){
$('#reserve-trigger')。click(function(){
$(this).next('#reserve-内容')。slideToggle();
$(this).toggleClass('active');
})
}); $('#reserve-trigger')。on('focusout',function(){
$(this).toggleClass('active');
}); $($#$ b $('#login-trigger')。on('focusout',function(){
$(this).toggleClass('active');
});
< / script>
< link rel =stylesheethref =https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css>
< script src =https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js>< / script>
< script src =https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js>
< SCRIPT TYPE =text / javascript>
< / script>
< script>
$(document).ready(function(){$(#startdate)。datepicker();});
$(document).ready(function(){$(#enddate)。datepicker();});
< / script>
< link rel =stylesheethref =./ css / style.css>
< / head>
< body>
< header>
< div class =container>
< div id =品牌>
< h1>< span class =highlight>耳语< / span>风之公园< / h1>
< / div>
< nav>
< ul>
< li class =current>< a href =index.php>主页< / a>< / li>
< li>< a href =mission.php>我们的使命< / a>< / li>
< li>< a href =donate.php>捐赠< / a>< / li>
< li>< a id =reserve-triggerhref =#>露营< / a>
< div id =reserve-contenttabindex = - 1>
< form action =includes / reserve.inc.phpmethod =POST>
< fieldset id =inputs2>
< ul>
< input id =startdateplaceholder =Start Date/>
< input id =enddateplaceholder =End Date/>
< li id =chk>< label for =fire> Fire Pit:< / label>< input type =checkboxvalue =Fire><李>
< li id =chk>< label for =electric> Electricity:< / label>< input type =checkboxvalue =Electric>< / li> ;
< li id =chk>< label for =sewer>污水:< / label>< input type =checkboxvalue =Sewer>< / li> ;
< button type =submitclass =button3name =submit1>查找预订< / button>
< / ul>
< / fieldset>
< / form>
< / div>
< / li>
<! - / *登入按钮* / - >
<?php
if(isset($ _ SESSION [u_uid])){
echo'
< li>< form action =includes / logout。 inc.phpmethod =POST>
< button type =submitclass =button_1name =Submit>注销< / button>
< / form>< / button>< / li>';
} else {
echo
'< li id =login>
< a id =login-triggerhref =#>
< button class =button_1>登录< span>▼< / span>< / button>
< / a>
< div id =login-contenttabindex = - 1>
< form action =includes / login.inc.phpmethod =POST>
< fieldset id =inputs>
< input type =textname =uidplaceholder =用户名必填>
< input type =passwordname =pwdplaceholder =Passwordrequired>
< button type =submitclass =button3name =Submit>登录< / button>
< / fieldset>
< / form>
< / div>
< / li>
< li id =注册>
< a href =signup.php>< button class =button_1>注册< /按钮>< / a>
< / li>';
}
?>
<?php
if(isset($ _ SESSION [u_admin]))
{
echo'
< li id =signup>
< a href =admin.php>< button class =button_1>管理员< /按钮>< / a>
< / li>';
}
?>
< / ul>
< / nav>
< / div>
< / header>
< / body>
检索代码:
<?php
@session_start();
if(isset($ _ POST ['submit1'])){
require_once(dbh.inc.php);
$ fire = 0;
$ electric = 0;
$ sewer = 0;
if(isset($ _ POST ['startdate']))
$ _SESSION ['startdate'] = $ _POST ['startdate'];
if(isset($ _ POST ['enddate']))
$ _SESSION ['enddate'] = $ _POST ['enddate'];
if(!empty($ _ POST ['fire'])){
$ fire = mysqli_real_escape_string($ conn,$ _POST ['fire']);
$ b $ if(!empty($ _ POST ['electric'])){
$ electric = mysqli_real_escape_string($ conn,$ _POST ['electric']);
}
if(!empty($ _ POST ['sewer'])){
$ sewer = mysqli_real_escape_string($ conn,$ _POST ['sewer']);
if(empty($ startdate)|| empty($ enddate)){
header(Location:../index.php?指数= empty_dates);
exit();
$ sql =SELECT * FROM campsite WHERE water ='$ sewer'OR fire ='$ fire'OR electric ='$ electric'
AND site_id NOT IN(SELECT site_id FROM reservation
where startdate ='$ startdate'and'$ startdate'< ='$ enddate');
$ result = mysqli_query($ conn,$ sql);
$ resultCheck = mysqli_num_rows($ result);
if($ resultCheck< 1){
header(Location:../index.php?index=no_available_camps);
exit();
} else {
while($ row = mysqli_fetch_assoc($ result)){
if($ row = mysqli_fetch_assoc($ result)){
$ siteID = mysqli_real_escape_string($ conn,$ _POST ['site_id']);
$ uid = mysqli_real_escape_string($ conn,$ _POST ['uid']);
$ start = mysqli_real_escape_string($ conn,$ _POST ['startdate']);
$ end = mysqli_real_escape_string($ conn,$ _POST ['enddate']);
$ price = mysqli_real_escape_string($ conn,$ _POST ['s_price']);
//错误处理程序
//检查空字段
if(empty($ start)|| empty($ end)){
标题(Locaction:../reserve.php?=error);
exit();
} else {
//确定日期是否可用
$ sql =选择*从露营地开始,其中startdate< ='$ start'AND其中startdate>'$ end';
$ result = mysqli_query($ conn,$ sql);
$ resultcheck = mysqli_num_rows($ result);
$ b $ if($ resultcheck> 0){
header(Location:../reserve.php?=error2);
} else {
$ sql =INSERT INTO campsite(site_id,uid,startdate,enddate)
VALUES('$ siteID','$ uid','$ start','$结束');;
header(Location:./ campground.php);
exit();
}
}
}
}
?>
HTML有一些错误,搜索营地实际上并未提交任何数据,这很可能是由于HTML中的一些错误。一个 ul
元素可以只有 li
元素作为子元素 - 但是那些 li
元素可以有其他内容(在这种情况下通常不是最好的方法),并且形成任何类型的输入元素都应该有一个名称属性和一个值。在预订表格 fire
, electric
和下水道
应该以1的值命名(参考上一个问题)。日期选择器需要有名称,所以要么不是ID,要么将它们命名为 startdate
和 enddate
因为PHP脚本期望它们在POST数组中。
如果表单确实成功提交数据并且sql查询运行良好,那么结果将显示在哪里?我可以看到表单的行为是 includes / reserve.inc.php
,它是代码的第二部分(PHP),但不输出任何内容。 / p>
在浏览器中编辑HTML以向各种表单元素添加属性并更改其值,然后在提交表单之前在实时页面上生成以下POST参数...
p> startdate = 01%2F03%2F2018& enddate = 01%2F17%2F2018& fire = 1& electric = 1& sewer = 1& submit1 =
以前只有 submit1
是出现。然而,还没有结果发回。
因为您已经在页面上为 jquery
要做的事情是使用ajax将数据发布到后端PHP脚本,并使用回调将HTML内容添加到当前页面?也许有些事情需要考虑。
<?php
@session_start();
require_once(includes / dbh.inc.php);
?>
<!DOCTYPE html>
< html>
< head>
< script src =// ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js\"> ;</script>
< script>
$(document).ready(function(){
$('#login-trigger')。click(function(){
$(this).next( ('(this).hasClass('active'))。$#$ b $(this).toggleClass('active');
如果($(this).hasClass('active')) $(this).find('span')。html('&#x25B2;')
else $(this).find('span')。html('&#x25BC;')
})
});
$(document).ready(function(){
$('#reserve-trigger')。click(function(){
$(this).next( '#reserve-content')。slideToggle();
$(this).toggleClass('active');
})
}); $()#
$('#reserve-trigger')。on('focusout',function(){
$(this).toggleClass('active');
}) ; $('#login-trigger')。on('focusout',function(){
$(this).toggleClass('active');
}) ;
< / script>
< link rel =stylesheethref =// ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css\">
< script src =// ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js\">
< script>
$(document).ready(function(){$(#startdate)。datepicker();});
$(document).ready(function(){$(#enddate)。datepicker();});
< / script>
< link rel =stylesheethref =./ css / style.css>
< / head>
< body>
< header>
< div class ='container'>
< div id ='branding'>
< h1>< span class ='highlight'>耳语< / span>风之公园< / h1>
< / div>
< nav>
< ul>
< li class ='current'>< a href ='index.php'>主页< / a>< / li>
< li>< a href ='mission.php'>我们的使命< / a>< / li>
< li>< a href ='donate.php'>捐赠< / a>< / li>
< li>< a id ='reserve-trigger'href ='#'>露营< / a>
< div id ='reserve-content'tabindex =' - 1'>
< form action ='includes / reserve.inc.php'method ='POST'>
< fieldset>
<! -
ul的子元素应该仅仅是li
,因此您需要更多的< li>< / li> `大约
某些项目在这里
表单输入元素需要name属性和datepickers类型
- >
< ul>
< li>< input type ='text'id ='startdate'name ='startdate'placeholder ='Start Date'/>< / li>
< li>< input type ='text'id ='enddate'name ='enddate'placeholder ='End Date'/>< / li>
<! -
复选框需要名称属性,否则它们不会在POST数组数据中出现
。将值设置为1,因为它有点存储在
中db无论如何
- >
< li>< label for ='fire'> Fire Pit:< / label>< input type ='checkbox'name ='Fire'value = 1>< / li>
< li>< label for ='electric'> Electricity:< / label>< input type ='checkbox'name ='Electric'value = 1>< / li>
< label>< label for ='sewer'>污水:< / label>< input type ='checkbox'name ='Sewer'value = 1>< / li>
< li>< button type ='submit'class ='button3'name ='submit1'>查找预订< /按钮>< / li>
< / ul>
< / fieldset>
< / form>
< / div>
< / li>
<! - / *登入按钮* / - >
<?php
if(isset($ _SESSION [u_uid])){
echo'
< li>
< form action =includes / logout.inc.phpmethod =POST>
< button type =submitclass =button_1name =Submit>注销< / button>
< / form>
< / li>';
} else {
echo
'< li id =login>
< a id =login-triggerhref =#>
< button class =button_1>登录< span>▼< / span>< / button>
< / a>
< div id =login-contenttabindex = - 1>
< form action =includes / login.inc.phpmethod =POST>
< fieldset id =inputs>
< input type =textname =uidplaceholder =用户名必填>
< input type =passwordname =pwdplaceholder =Passwordrequired>
< button type =submitclass =button3name =Submit>登录< / button>
< / fieldset>
< / form>
< / div>
< / li>
< li id =注册>
< a href =signup.php>< button class =button_1>注册< /按钮>< / a>
< / li>';
}
if(isset($ _SESSION [u_admin])){
echo'
< li id =signup>
< a href =admin.php>< button class =button_1>管理员< /按钮>< / a>
< / li>';
}
?>
< / ul>
< / nav>
< / div>
< / header>
< / body>
< / html>
转到后端脚本。
你有名为露营地
和露营地
的表吗?尽管使用了 mysqli_real_escape_string
,但sql语句都嵌入了变量,这会使您的代码潜在地受到SQL注入的攻击,因此您应该使用预准备语句
,每当你使用用户提供的输入。它只需要一个可以被利用来破坏整个系统的领域!我不能完全遵循一些关于那里正在发生的事情的逻辑(可能还没有足够的咖啡因),所以下面的内容可能会是广泛的标记
<?php
session_start();
$ b $ *防止在浏览器中直接访问此脚本* /
if(realpath(__ FILE__)== realpath($ _SERVER ['SCRIPT_FILENAME'])){
/ *可以发送一个403,但Not Found可能更好* /
头('HTTP / 1.0 404 Not Found',TRUE,404);
die(header('location:/index.php')); ($ _SERVER ['REQUEST_METHOD'] =='POST'&&& isset($ _POST ['submit1'],$ _POST ['startdate'],$
$ b) _POST ['enddate'],$ _POST ['fire'],$ _POST ['electric'],$ _POST ['sewer'])){
if(empty($ _POST ['startdate '])|| empty($ _POST ['enddate'])){
exit(header('Location:../index.php?index=empty_dates'));
$ b / *搜索查询的结果将存储在这个数组中以备后用* /
$ output = array();
require_once('dbh.inc.php');
/ *
startdate和enddate是否需要会话变量?
* /
$ startdate = filter_input(INPUT_POST,'startdate',FILTER_SANITIZE_SPECIAL_CHARS);
$ enddate = filter_input(INPUT_POST,'enddate',FILTER_SANITIZE_SPECIAL_CHARS);
$ fire = filter_var(filter_input(INPUT_POST,'fire',FILTER_SANITIZE_NUMBER_INT),FILTER_VALIDATE_INT);
$ electric = filter_var(filter_input(INPUT_POST,'electric',FILTER_SANITIZE_NUMBER_INT),FILTER_VALIDATE_INT);
$ sewer = filter_var(filter_input(INPUT_POST,'sewer',FILTER_SANITIZE_NUMBER_INT),FILTER_VALIDATE_INT);
/ *
DatePicker的日期以mm / dd / yyyy
为单位,但通常我们希望在数据库中使用yyyy / mm / dd
。
* /
$ startdate = DateTime :: createFromFormat('m / d / Y',$ startdate) - > format('Y-m-d');
enddate = DateTime :: createFromFormat('m / d / Y',$ enddate) - > format('Y-m-d');
$ b $ if if($ fire> 1或$ fire <0或is_string($ fire))$ fire = 0;
如果($ electric> 1或$ electric <0或is_string($ electric))$ electric = 0;
if($ sewer> 1或$ sewer< 0或is_string($ sewer))$ sewer = 0;
$ sql ='select`site_id`,`uid`,`startdate`,`enddate`,`s_price` from`campsite`
where`water` =?和'火'=?和电=?和`site_id`不在(
)中从`reservation`选择`site_id`
其中`startdate`> =?和`startdate` <=?
)';
$ stmt = $ conn-> prepare($ sql);
if($ stmt){
$ stmt-> bind_param('iiiss',$ sewer,$ fire,$ electric,$ startdate,$ enddate);
$ result = $ stmt-> execute();
$ rows = $ result-> num_rows;
if($ result&& $ rows> 0){
$ stmt-> store_result();
$ stmt-> bind_result($ id,$ uid,$ start,$ end,$ price);
while($ stmt-> fetch()){
$ output [] = array(
'site_id'=> $ id,
'uid '=> $ uid,
'startdate'=> $ start,
'enddate'=> $ end,
's_price'=> $ price
) ;
}
$ stmt-> free_result();
$ stmt-> close();
$ conn-> close();
/ *
现在我们应该有一个数组,其中包含搜索
的记录集数据根据表单提交方法(标准或ajax),您需要
做一些事情与该数据。通常你会让用户知道搜索的
结果(否则让它们搜索的是什么?)
因此,你可以将结果格式化为HTML或发回json etc
* /
foreach($ output as $ index => $ site){
echo
< pre>
{$ site ['site_id' ]}
{$ site ['uid']}
{$ site ['startdate']}
{$ site ['enddate']}
{$ site ['' s_price']}
< / pre>;
}
} else {
exit(header('Location:/index.php?error=no_available_camps'));
}
} else {
echo无法准备sql查询;
}
}
?>
在那里还有其他的sql语句,但正如我所说我不能完全遵循逻辑,所以以上很可能是不完整/错误的,但至少应该预备好一点声明。
其他要点
您在 campground.php
页面上发现未处理的错误,其中显示有
警告: mysqli_fetch_assoc()期望参数1为mysqli_result,
在/storage/ssd2/948/4122948/public_html/campground.php中给出的布尔值,第110行为
YesYes
includes / reserve.php
和 /reserve.php
产量a 404-未找到
错误
也许使用 .htaccess $ c $在$
图片
目录下的
但有些是诚实的,绝对是巨大的,尽管少数拥有快速宽带下载3.7Mb jpg作为HTML流程的一部分的人们可能会有所放慢 - 所以也许一些图像优化也是一个好主意。这就是说 - 我很乐意亲自去这个地方!
I am attempting to create my reservation site for my class project and have been completely out of my league in regards to it. My current issue deals with the fact that for some reason, my code is throwing to my built-in error handler which verifies that variables were entered.
My goal here is to create a page which queries my database and returns which sites meet the requirements listed (dates/amenities) and are then echoed out on another page (which I am also working on).
I realize that my code is awful. To be fair, I'm pretty awful at this. As I stated in a previous post, my professor pushed me into a massive project that I had no background in and was not prepared for. I appreciate any time and help that anybody can offer.
Random thought - I think part of the problem might be that phpmyadmin uses a pretty awful format for dates (I think it's year/month/day) and that's what's throwing the error. When I tried googling the answer for that, it wanted me to transform the data through the database structure, but that option is not given through 000webhost.com (it is on my localhost).
Happy New Year!
the website: https://campease.000webhostapp.com/index.php - click campsites The header code:
<?php
@session_start();
require_once("includes/dbh.inc.php");
?>
<!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
$('#login-trigger').click(function(){
$(this).next('#login-content').slideToggle();
$(this).toggleClass('active');
if ($(this).hasClass('active')) $(this).find('span').html('▲')
else $(this).find('span').html('▼')
})
});
$(document).ready(function(){
$('#reserve-trigger').click(function(){
$(this).next('#reserve-content').slideToggle();
$(this).toggleClass('active');
})
});
$('#reserve-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
$('#login-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
</script>
<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js">
<SCRIPT TYPE="text/javascript">
</script>
<script>
$(document).ready(function() { $("#startdate").datepicker(); });
$(document).ready(function() { $("#enddate").datepicker(); });
</script>
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<header>
<div class="container">
<div id="branding">
<h1><span class="highlight">Whispering</span> Winds Park</h1>
</div>
<nav>
<ul>
<li class="current"><a href="index.php">Home</a></li>
<li><a href="mission.php">Our Mission</a></li>
<li><a href="donate.php">Donate</a></li>
<li><a id="reserve-trigger" href="#">Camping</a>
<div id="reserve-content" tabindex="-1">
<form action="includes/reserve.inc.php" method="POST">
<fieldset id="inputs2">
<ul>
<input id="startdate" placeholder="Start Date" />
<input id="enddate" placeholder="End Date"/>
<li id="chk"><label for="fire">Fire Pit: </label><input type="checkbox" value="Fire"></li>
<li id="chk"><label for="electric">Electricity: </label><input type="checkbox" value="Electric"></li>
<li id="chk"><label for="sewer">Sewage: </label><input type="checkbox" value="Sewer"></li>
<button type="submit" class="button3" name="submit1">Find a Reservation</button>
</ul>
</fieldset>
</form>
</div>
</li>
<!-- /*login button*/ -->
<?php
if (isset($_SESSION["u_uid"])) {
echo '
<li><form action="includes/logout.inc.php" method="POST">
<button type="submit" class="button_1" name="Submit">Logout</button>
</form></button></li>';
} else {
echo
' <li id="login">
<a id="login-trigger" href="#">
<button class="button_1">Log in <span>▼</span></button>
</a>
<div id="login-content" tabindex="-1">
<form action="includes/login.inc.php" method="POST">
<fieldset id="inputs">
<input type="text" name="uid" placeholder="Username" required>
<input type="password" name="pwd" placeholder="Password" required>
<button type="submit" class="button3" name="Submit">Log In</button>
</fieldset>
</form>
</div>
</li>
<li id="signup">
<a href="signup.php"><button class="button_1">Sign up</button></a>
</li>';
}
?>
<?php
if(isset($_SESSION["u_admin"]))
{
echo '
<li id="signup">
<a href="admin.php"><button class="button_1">Admin</button></a>
</li>';
}
?>
</ul>
</nav>
</div>
</header>
</body>
The retrieval code:
<?php
@session_start();
if (isset($_POST['submit1'])) {
require_once("dbh.inc.php");
$fire = 0;
$electric = 0;
$sewer = 0;
if(isset($_POST['startdate']))
$_SESSION['startdate'] = $_POST['startdate'];
if(isset($_POST['enddate']))
$_SESSION['enddate'] = $_POST['enddate'];
if(!empty($_POST['fire'])) {
$fire = mysqli_real_escape_string($conn, $_POST['fire']);
}
if(!empty($_POST['electric'])) {
$electric = mysqli_real_escape_string($conn, $_POST['electric']);
}
if(!empty($_POST['sewer'])) {
$sewer = mysqli_real_escape_string($conn, $_POST['sewer']);
}
}
if (empty($startdate) || empty($enddate)) {
header("Location: ../index.php?index=empty_dates");
exit();
}
$sql = "SELECT * FROM campsite WHERE water='$sewer' OR fire='$fire' OR electric = '$electric'
AND site_id NOT IN (SELECT site_id FROM reservation
where startdate = '$startdate' and '$startdate' <= '$enddate')";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?index=no_available_camps");
exit();
} else {
while ($row = mysqli_fetch_assoc($result)) {
if($row = mysqli_fetch_assoc($result)) {
$siteID = mysqli_real_escape_string($conn, $_POST['site_id']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$start = mysqli_real_escape_string($conn, $_POST['startdate']);
$end = mysqli_real_escape_string($conn, $_POST['enddate']);
$price = mysqli_real_escape_string($conn, $_POST['s_price']);
}
// Error Handlers
// check for empty fields
if (empty($start) || empty($end)) {
header("Locaction: ../reserve.php?=error");
exit();
} else {
// determine if dates are available
$sql="SELECT * from campsites where startdate<='$start' AND where startdate>'$end'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck > 0) {
header("Location: ../reserve.php?=error2");
} else {
$sql = "INSERT INTO campsite (site_id, uid, startdate, enddate)
VALUES ('$siteID', '$uid', '$start', '$end');";
header("Location:./campground.php");
exit();
}
}
}
}
?>
The HTML has a few errors and the form used to search for campsites does not actually submit any of the data, most likely due to some of the errors in the HTML. A ul
element can have li
elements as children only - but those li
elements can have other content ( typically not the best way to do it IMO in this case ) and form input elements of whatever type should have a name attribute and generally a value. In the case of the reservation form fire
,electric
and sewer
should be named as such with a value of 1 ( refer to previous question ). The date pickers need to have names, so either instead of an ID or as well as, name them startdate
and enddate
as the php script is expecting them in the POST array.
If the form did successfully submit the data and the sql query ran OK, where would the results appear? I can see that the action of the form is includes/reserve.inc.php
which is the second portion of code ( PHP ) but that doesn't output any content.
Editing the HTML in the browser to add attributes to the various form elements and changing their values before submitting the form yielded the following POST parameters on the live page...
startdate=01%2F03%2F2018&enddate=01%2F17%2F2018&fire=1&electric=1&sewer=1&submit1=
Whereas before only the submit1
was appearing. However there was still no result sent back.
As you already have jQuery
on the page for various tasks perhaps the thing to do would be to use ajax to POST the data to the backend PHP script and use the callback to add the HTML content to the current page? Certainly something to think about perhaps.
<?php
@session_start();
require_once("includes/dbh.inc.php");
?>
<!DOCTYPE html>
<html>
<head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
$('#login-trigger').click(function(){
$(this).next('#login-content').slideToggle();
$(this).toggleClass('active');
if ($(this).hasClass('active')) $(this).find('span').html('▲')
else $(this).find('span').html('▼')
})
});
$(document).ready(function(){
$('#reserve-trigger').click(function(){
$(this).next('#reserve-content').slideToggle();
$(this).toggleClass('active');
})
});
$('#reserve-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
$('#login-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
</script>
<link rel="stylesheet" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js">
<script>
$(document).ready(function() { $("#startdate").datepicker(); });
$(document).ready(function() { $("#enddate").datepicker(); });
</script>
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<header>
<div class='container'>
<div id='branding'>
<h1><span class='highlight'>Whispering</span> Winds Park</h1>
</div>
<nav>
<ul>
<li class='current'><a href='index.php'>Home</a></li>
<li><a href='mission.php'>Our Mission</a></li>
<li><a href='donate.php'>Donate</a></li>
<li><a id='reserve-trigger' href='#'>Camping</a>
<div id='reserve-content' tabindex='-1'>
<form action='includes/reserve.inc.php' method='POST'>
<fieldset>
<!--
child elements of a `ul` should be `li` only
so you required a few more `<li></li>` around
certain items here
Form input elements require a name attribute and a type for the datepickers
-->
<ul>
<li><input type='text' id='startdate' name='startdate' placeholder='Start Date' /></li>
<li><input type='text' id='enddate' name='enddate' placeholder='End Date'/></li>
<!--
The checkboxes require a name attribute otherwise they will not appear
in the POST array data. Set the value to `1` as it is a bit stored in
the db anyway
-->
<li><label for='fire'>Fire Pit: </label><input type='checkbox' name='Fire' value=1></li>
<li><label for='electric'>Electricity: </label><input type='checkbox' name='Electric' value=1></li>
<li><label for='sewer'>Sewage: </label><input type='checkbox' name='Sewer' value=1></li>
<li><button type='submit' class='button3' name='submit1'>Find a Reservation</button></li>
</ul>
</fieldset>
</form>
</div>
</li>
<!-- /*login button*/ -->
<?php
if( isset( $_SESSION["u_uid"] ) ) {
echo '
<li>
<form action="includes/logout.inc.php" method="POST">
<button type="submit" class="button_1" name="Submit">Logout</button>
</form>
</li>';
} else {
echo
'<li id="login">
<a id="login-trigger" href="#">
<button class="button_1">Log in <span>▼</span></button>
</a>
<div id="login-content" tabindex="-1">
<form action="includes/login.inc.php" method="POST">
<fieldset id="inputs">
<input type="text" name="uid" placeholder="Username" required>
<input type="password" name="pwd" placeholder="Password" required>
<button type="submit" class="button3" name="Submit">Log In</button>
</fieldset>
</form>
</div>
</li>
<li id="signup">
<a href="signup.php"><button class="button_1">Sign up</button></a>
</li>';
}
if( isset( $_SESSION["u_admin"] ) ) {
echo '
<li id="signup">
<a href="admin.php"><button class="button_1">Admin</button></a>
</li>';
}
?>
</ul>
</nav>
</div>
</header>
</body>
</html>
Moving on to the backend script.
Do you have tables named campsite
and campsites
? The sql statements all have embedded variables which, despite the use of mysqli_real_escape_string
, does leave your code potentially vulnerable to SQL Injection so you ought to use prepared statements
whenever you are using user supplied input. It just takes one field that can be exploited to compromise the entire system! I could not quite follow some of the logic with what was going on there ( not enough caffeine probably yet ) so the following may be wide of the mark
<?php
session_start();
/* Prevent direct access to this script in the browser */
if ( realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {
/* could send a 403 but Not Found is probably better */
header( 'HTTP/1.0 404 Not Found', TRUE, 404 );
die( header( 'location: /index.php' ) );
}
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit1'], $_POST['startdate'], $_POST['enddate'], $_POST['fire'], $_POST['electric'], $_POST['sewer'] ) ) {
if ( empty( $_POST['startdate'] ) || empty( $_POST['enddate'] ) ) {
exit( header( 'Location: ../index.php?index=empty_dates' ) );
}
/* results from search query will be stored in this array for later use */
$output=array();
require_once('dbh.inc.php');
/*
Do startdate and enddate need to be session variables???
*/
$startdate = filter_input( INPUT_POST,'startdate',FILTER_SANITIZE_SPECIAL_CHARS );
$enddate = filter_input( INPUT_POST,'enddate',FILTER_SANITIZE_SPECIAL_CHARS );
$fire = filter_var( filter_input( INPUT_POST,'fire', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
$electric = filter_var( filter_input( INPUT_POST,'electric', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
$sewer = filter_var( filter_input( INPUT_POST,'sewer', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
/*
Dates from the DatePicker are in mm/dd/yyyy
but typically we would want to use yyyy/mm/dd
in the database.
*/
$startdate=DateTime::createFromFormat( 'm/d/Y', $startdate )->format('Y-m-d');
$enddate=DateTime::createFromFormat( 'm/d/Y', $enddate )->format('Y-m-d');
if( $fire > 1 or $fire < 0 or is_string( $fire ) ) $fire=0;
if( $electric > 1 or $electric < 0 or is_string( $electric ) ) $electric=0;
if( $sewer > 1 or $sewer < 0 or is_string( $sewer ) ) $sewer=0;
$sql='select `site_id`,`uid`,`startdate`,`enddate`,`s_price` from `campsite`
where `water`=? and `fire`=? and `electric`=? and `site_id` not in (
select `site_id`
from `reservation`
where `startdate` >= ? and `startdate` <= ?
)';
$stmt=$conn->prepare( $sql );
if( $stmt ){
$stmt->bind_param('iiiss', $sewer, $fire, $electric, $startdate, $enddate );
$result = $stmt->execute();
$rows = $result->num_rows;
if( $result && $rows > 0 ){
$stmt->store_result();
$stmt->bind_result( $id, $uid, $start, $end, $price );
while( $stmt->fetch() ){
$output[]=array(
'site_id' => $id,
'uid' => $uid,
'startdate' => $start,
'enddate' => $end,
's_price' => $price
);
}
$stmt->free_result();
$stmt->close();
$conn->close();
/*
Now we should have an array with the recordset data from the search
Depending upon form submission method ( standard or ajax ) you need to
do something with that data. Typically you would let the user know the
results of the search ( otherwise what is the point of letting them search? )
So, you could format the results here as HTML or send back json etc
*/
foreach( $output as $index => $site ){
echo "
<pre>
{$site['site_id']}
{$site['uid']}
{$site['startdate']}
{$site['enddate']}
{$site['s_price']}
</pre>";
}
} else {
exit( header('Location: /index.php?error=no_available_camps') );
}
} else {
echo "Failed to prepare sql query";
}
}
?>
There were other sql statements in there but as I said I couldn't quite follow the logic so the above is most likely incomplete/wrong but should helpe a little with prepared statements at least.
Other points
You have an unhandled error on the campground.php
page which reveals
Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in /storage/ssd2/948/4122948/public_html/campground.php on line 110 YesYes
includes/reserve.php
and /reserve.php
both yield a 404-Not Found
error
Perhaps use an .htaccess
file within the images
directory to prevent either hotlinking or directory browsing.
There are some stunning images in there but some are, to be honest, absolutely enormous and despite the majority of people having fast broadband downloading a 3.7Mb jpg as part of the HTML flow slows things somewhat - so perhaps some image optimisation would be a good idea too. That said - I'd love to go to this place myself!
这篇关于PHP不传递变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!