dongxiong4571
dongxiong4571
2013-09-11 16:22

Dynamica数据库 - 数组 - 使用PHP / MySql将值从第1页传递到第2页

已采纳

I have dynamic database working very well.

I have log in system working very well.

There are those "welcome user" links.

"user" is a link to everything user has in DB. When a user wants to change stuff, just click on "user". You get the form ChangeStuff.php

Amongst other good stuff, I have this

<form action="IamStuck.php">

<li> Property ID: <?php  print  $row['P_ID'] ?>  <?php $P_ID =  $row['P_ID']; $_SESSION['P_ID']  = $P_ID  ?><input name="edit" type="submit" value="edit" /><br /><br />
&ensp;&ensp;  Address: <?php print $row['address']?>,   <?php print $row['city'] ; ?> 
</li>  
</form>

Which basically produces something like this:

Edit Listings

Would you like to update your listing?

  • Property ID: 14 (submit button goes here)

       Address: 1845 Oak Park Blvd, Pleasanton Hill

  • Property ID: 16 (submit button goes here)

       Address: 3111 Adeline Ave, Emeryville

Then on the IamStuck.php, I have a full form (html+php) that pulls all the info on DB and allows user to update the info (query is fine and working very well):

    <?php  session_start();
.....
        $P_ID = $_SESSION ['P_ID'];
        if(isset($_POST['Submit'])){//if the submit button is clicked
        $day = $_POST['day'];
        $address = $_POST['address'];
        etc
        etc.


    $update = "UPDATE property 
                    SET day='$day', city='$city', state='$state', address='$address', price = $price, sq_ft = $sq_ft, lot_sq_ft = $lot_sq_ft,zip_code = $zip_code, bedroom = $bedroom, bathroom = $bathroom, partial_bath = $partial_bath, sunday_info = '$sunday_info',
                    web = '$web', broker_info='$broker_info', map_info='$map_info', youtube = '$youtube'

                     WHERE P_ID = ".$P_ID;
        $db->query($update) or die("Cannot update");//update or error

The problem is to get the right P_ID from ChangeStuff.php

I tried this with anchor link and post/get and it worked wonderfully, except that the P_ID would go in the URL and you could just change the id and change someone's else DB info :O

No good.

Came back to session. It works very well as long as you want to change the last value of the array :)

If you want to change the property 14 (as seen in the example) you jut can't :( Pulls only last address (which is still your info in DB - but not the one supposed to be updated.

No good.

Is there any one out in there in blue planet who could give some ideas?

Full disclosure: I am new to this stuff of PHP, MYSQL, Javascript CSS all this wonderful stuff that I have been learning in the last several months :/

Thank you for your time.

PS. As you may have figured out, the array is dynamic, will change from person to person and even from the same person today to next month.

EDIT

Based on one of the comment below @Just Wood I came back to my original Post/Get method. changeStuff.php is like this:

<form action="IamLessStuck.php" method="post">

    <li> <a href="IamLessStuck.php?P_ID=<?php echo $row['P_ID']; ?>">Property ID: <?php  print  $row['P_ID'] ?> </a><br /><br />
    &ensp;&ensp;  Address: <?php print $row['address']?>,   <?php print $row['city'] ; ?> 
    </li>  
    </form>

IamLessStuck.php is like this (just WHERE changed):

$update = "UPDATE property 
            SET day='$day', city='$city', state='$state', address='$address', price = $price, sq_ft = $sq_ft, lot_sq_ft = $lot_sq_ft,zip_code = $zip_code, bedroom = $bedroom, bathroom = $bathroom, partial_bath = $partial_bath, sunday_info = '$sunday_info',
            web = '$web', broker_info='$broker_info', map_info='$map_info', youtube = '$youtube'

             WHERE P_ID = ".$P_ID." and 
                           username =  '".(htmlentities($_SESSION['user']['username']))."'";

$db->query($update) or die("Cannot update");//update or error

Thank you. It works. I also changed the code/query where query SELECT *.... to get all values before the edit takes place and added the same WHERE clause (id=$_post id and user = session[user]). Now one can only see and change his/her only stuff. Thank you.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dsuikgi9199 dsuikgi9199 8年前

    There is no problem at all with putting the P_ID in the URL. All you will need to do is check to make sure that that user has access to that entry before allowing them to edit/view it.

    Just do a SQL query to check for that.

    As a side note, as mentioned in my comments, I do not agree with putting the P_ID in with the rest of the session information. The P_ID has to do with a single request, not the entire session.

    点赞 评论 复制链接分享