<form action='' method='POST'>
<table align="center">
<tr><td>Transaction Access Code:</td></tr>
<tr><td><input type="password" name="code1"></td></tr>
<tr><td class="button1"><input type="submit" name="submitBtn" value="Log In" class="button"></td></tr>
</table>
</form>
<?php
if(isset($_REQUEST['submitBtn'])){
include '_inc/dbconn.php';
$code1=$_REQUEST['code1'];
$sql="SELECT code1 FROM code WHERE code1='$code1'";
$result=mysql_query($sql) or die(mysql_error());
$rws= mysql_fetch_array($result);
if($rws[0]==$code1 ){
header("customer_transfer_process.php");}
else
header("customer_transfer_process1.php");}
?>
我希望所有客户在进入下一步交易之前输入表格中的特定号码
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
- 邀请回答
-
3条回答 默认 最新
- dsp15140275697 2018-05-21 13:22关注
Your code had some errors. You also should always scrub user input when using it in a database transaction.
<form method='POST'> <table align="center"> <tr><td>Transaction Access Code:</td></tr> <tr><td><input type="password" name="code1"></td></tr> <tr><td class="button1"><input type="submit" name="submitBtn" value="Log In" class="button"></td></tr> </table> </form> <?php if(isset($_POST['code1'])){ include '_inc/dbconn.php'; $code1 = htmlspecialchars($_POST['code1']); // sanitize user input $sql="SELECT code1 FROM code WHERE code1='{$code1}'"; $result = mysql_query($sql) or die(mysql_error()); $rws = mysql_fetch_array($result); if($rws[0]==$code1 ){ //success, transfer header("customer_transfer_process.php"); } else { //fail, send them somewhere else header("customer_transfer_process1.php"); } } ?>
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
- ¥15 CSAPPattacklab
- ¥15 一直显示正在等待HID—ISP
- ¥15 Python turtle 画图
- ¥15 关于大棚监测的pcb板设计
- ¥15 stm32开发clion时遇到的编译问题
- ¥15 lna设计 源简并电感型共源放大器
- ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
- ¥15 Vue3地图和异步函数使用
- ¥15 C++ yoloV5改写遇到的问题