dqlm80253 2016-01-08 18:45

How do I prevent $_SESSION from passing a variable to another form even when the value does not exist in MySQL?

I have two forms. The first form has two inputs: date and id. The id should be in the database; otherwise, it will not save. What the $_SESSION does is pass the value from ID, when I submit the form, to the second form, which is on the same page too. How can I prevent this from passing the value if the user has put a value that is not in the database? My PHP code issues a modal which says that the ID the user has put is invalid; however, it still passes to the other form...

Here is my php code:

<?php
    include 'config.php';

    if (isset($_POST['documentRequest1']))
    {

        $chkbox = $_POST['docs'];
        $id = $_POST['a'];

        $totalPrice = 0;
        $total_cedula = 0;
        $isPartOfTotal = 0;


         foreach($chkbox as $chk1)  
           { 
                    if($chk1=='Certificate of Residency') 
                    {
                      $chek_val=$_POST['d1'];
                      $result = mysqli_query($conn, "SELECT price FROM document WHERE typeOfDoc = '$chk1';");
                      $row = mysqli_fetch_assoc($result);                               
                      $isPartOfTotal = $chek_val * $row["price"];
                      $sql = mysqli_query($conn, "INSERT into requestitem (DocumentRequest_idDocumentRequest, Document_idDocument, quantity, isPartOfTotal, price, paymentStatus) VALUES ((SELECT idDocumentRequest FROM documentrequest WHERE Person_idPerson = '$id'), (SELECT idDocument FROM document WHERE typeOfDoc = '$chk1'), '$chek_val', '$isPartOfTotal',' $total_cedula', 'Unpaid');");
                    }
                    else if($chk1=='Barangay Clearance') 
                    {
                      $chek_val=$_POST['d2'];
                      $result = mysqli_query($conn, "SELECT price FROM document WHERE typeOfDoc = '$chk1';");
                      $row = mysqli_fetch_assoc($result);                               
                      $isPartOfTotal = $chek_val * $row["price"];
                      $sql = mysqli_query($conn, "INSERT into requestitem (DocumentRequest_idDocumentRequest, Document_idDocument, quantity, isPartOfTotal, price, paymentStatus) VALUES ((SELECT idDocumentRequest FROM documentrequest WHERE Person_idPerson = '$id'), (SELECT idDocument FROM document WHERE typeOfDoc = '$chk1'), '$chek_val', '$isPartOfTotal',' $total_cedula', 'Unpaid');");
                    } 
                    else if ($chk1=='Cedula')
                    {
                      $chek_val=$_POST['d3'];
                      //$income=$_POST['income'];
                      $result = mysqli_query($conn, "SELECT income FROM person WHERE idPerson = '$id';");
                      $row = mysqli_fetch_assoc($result);
                      $income = $row['income'];
                      $total_cedula = ($income * 12 * .001) + 5;

                      $isPartOfTotal = $chek_val * $total_cedula;
                      $sql = mysqli_query($conn, "INSERT into requestitem (DocumentRequest_idDocumentRequest, Document_idDocument, quantity, isPartOfTotal, price, paymentStatus) VALUES ((SELECT idDocumentRequest FROM documentrequest WHERE Person_idPerson = '$id'), (SELECT idDocument FROM document WHERE typeOfDoc = '$chk1'), '$chek_val', '$isPartOfTotal',' $total_cedula', 'Unpaid');");
                    }

                    // partial total
                    $result = mysqli_query($conn, "SELECT price FROM document WHERE typeOfDoc = '$chk1';");
                    $row = mysqli_fetch_assoc($result);                             
                    $isPartOfTotal = $chek_val * $row["price"];

           } 

        ?>
        <!-- Modal -->
    <div class="modal fade" id="step2" tabindex="-1" role="dialog" aria-labelledby="memberModalLabel" aria-hidden="true">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header" style = "background-color: #5bc0de; color: white;">
                    <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span>
                    </button>
                     <h4 class="modal-title" id="memberModalLabel">Request added.</h4>
                </div>
                <div class="modal-body">
                    <h5>You have successfully added a new request. However, it is still tagged as unpaid.<br> This will redirect you to the invoice page.</h5>
                </div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-primary" data-dismiss="modal">Close</button>
                </div>
            </div>
        </div>
    </div>
        <?php

        //header("Refresh: 5;url=all_docRequest.php");
        mysqli_close($conn);    
    }                               
?>

First form html code:

<form class="form-horizontal form-label-left" name = "documentRequest" enctype="multipart/form-data" role="form" method="post" novalidate>

    <div class = "first">

    <div class="item form-group">
        <label class="control-label col-md-3 col-sm-3 col-xs-12">Date of Request <span class="required">*</span></label>
        <div class="col-md-6 col-sm-6 col-xs-12">
            <input id="reqDate" class="form-control col-md-7 col-xs-12" name="reqDate" required="required" type="date" >
        </div>
    </div>
    <div class="item form-group">
        <label class="control-label col-md-3 col-sm-3 col-xs-12">Resident's Name <span class="required">*</span></label>
    <div class="col-md-6 col-sm-6 col-xs-12">
        <input name="person_id" id="search-box" class="form-control col-md-7 col-xs-12" placeholder ="Type in ID number..." required="required" type="text">
    </div>
    </div>
    </div>
    <div class="ln_solid"></div>
    <div class="form-group">
    <div class="col-md-6 col-md-offset-3">
    <button id="requestDiv" type="submit" class="btn btn-success" name="documentRequest" >Proceed</button>
    <button type="submit" class="btn btn-primary">Cancel</button>
    </div>
    </div>
    </form>

Second form:

<form class="form-horizontal form-label-left" name = "documentRequest1" enctype="multipart/form-data" role="form" method="post" novalidate>
    <div class = "second">
    <div class="item form-group">
        <label class="control-label col-md-3 col-sm-3 col-xs-12">ID <span class="required">*</span></label>
        <div class="col-md-6 col-sm-6 col-xs-12">
            <input name="a" id="search" class="form-control col-md-7 col-xs-12" value = "<?php echo $_SESSION['person_id']; ?>" required="required" type="text" readonly="readonly">
        </div>
    </div>

    <div class="item form-group">
        <label class="control-label col-md-3 col-sm-3 col-xs-12"> Document Request(s)  <span class="required">*</span></label>
        <div class="col-md-6 col-sm-6 col-xs-12">

        <input type="checkbox" name="docs[]" id="doc1" value="Certificate of Residency"/> Certificate of Residency
        <div class = "clearfix"></div>
        <div class = "col-xs-3">
            <input name="d1" class="form-control col-md-7 col-xs-12" required="required" type="number">
        </div>
        <div class = "clearfix"></div>

        <input type="checkbox" name="docs[]" id="doc2" value="Barangay Clearance"/> Barangay Clearance                                                  
        <div class = "clearfix"></div>
        <div class = "col-xs-3">
            <input name="d2" class="form-control col-md-7 col-xs-12" required="required" type="number"/>
        </div>

        <div class = "clearfix"></div>
        <input type="checkbox" name="docs[]" id="doc3" value="Cedula"/> Cedula                                                  
        <div class = "clearfix"></div>
        <div class = "col-xs-3">
            <input name="d3" class="form-control col-md-7 col-xs-12" required="required" value = "1" type="number" readonly = "readonly"/>
        </div>
        </div>
        </div>
        </div>
        <div class="ln_solid"></div>
        <div class="form-group">
            <div class="col-md-6 col-md-offset-3">
                <button id="requestDiv1" type="submit" class="btn btn-success" name="documentRequest1" >Proceed</button>
                <button type="submit" class="btn btn-primary">Cancel</button>
    </div>
    </div>
    </form>

This is the $_SESSION code:

<?php
session_start();
$_SESSION['person_id']=isset($_POST['person_id']) ? $_POST['person_id'] :'';
?>

I really need your help on this one... Your help will be much appreciated. Thank you.
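
One way to gate the session value on a database lookup, as an added example that is not part of the original post. It assumes `config.php` provides the `mysqli` handle `$conn` and that the ID is checked against `person.idPerson` as in the question; `find_person_id`, `$idError`, `$requestAllowed` and `$idForForm` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumes config.php defines $conn (mysqli)
// and that person.idPerson is the column the submitted ID must match.
session_start();
include 'config.php';

// Return the stored idPerson for $input, or null when no such row exists.
function find_person_id(mysqli $conn, string $input): ?string
{
    $input = trim($input);
    if ($input === '') {
        return null;
    }
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $conn->prepare('SELECT idPerson FROM person WHERE idPerson = ? LIMIT 1');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $input);
    $stmt->execute();
    $stmt->bind_result($found);
    $exists = $stmt->fetch() === true;
    $stmt->close();
    // Return the value as stored, so MySQL type coercion cannot let a
    // look-alike such as "12abc" through unchanged.
    return $exists ? (string) $found : null;
}

$idError = false;

// First form: the ID reaches the session only after the lookup succeeds.
if (isset($_POST['documentRequest'])) {
    $raw = $_POST['person_id'] ?? '';
    $personId = is_string($raw) ? find_person_id($conn, $raw) : null;
    if ($personId === null) {
        unset($_SESSION['person_id']); // nothing carries over to the second form
        $idError = true;               // show the "invalid ID" modal on this flag
    } else {
        $_SESSION['person_id'] = $personId;
    }
}

// Second form: trust the session copy, not the readonly field "a", which the
// browser can still alter. The inserts should run only when this is true.
$id = $_SESSION['person_id'] ?? null;
$requestAllowed = isset($_POST['documentRequest1'])
    && is_string($id) && find_person_id($conn, $id) !== null;

// Escape the value before echoing it into the second form's value attribute.
$idForForm = htmlspecialchars($_SESSION['person_id'] ?? '', ENT_QUOTES, 'UTF-8');
```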
