<form action='<?php $_SERVER['PHP_SELF'] ?>' method='post'>
Picture: <input type="text" id="appimg" name="img">
URl: <input type="text" id="apphref" name="url" value="">
<input type="hidden" name="action" value="submitted">
<input type="submit" value="submit">
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if(isset($_POST['img']) && isset($_POST['url']))
{
$img = $_POST['img'];
$url = $_POST['url'];
$query = sprintf('INSERT INTO pic(pic,url)'.
'VALUES ("%s","%s")',$img,$url);
if(!$result = mysql_query($query))
{
die('Could not insert into the database:'.mysql_error());
}
}
}
?>
为什么我填入img或者url为空,也能提交成功,if(isset($_POST['img']) && isset($_POST['url'])) 这个语句有错吗?
另外如何防止刷新重复提交,请大神帮助改下代码!!!!
Picture: <input type="text" id="appimg" name="img">
URl: <input type="text" id="apphref" name="url" value="">
<input type="hidden" name="action" value="submitted">
<input type="submit" value="submit">
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if(isset($_POST['img']) && isset($_POST['url']))
{
$img = $_POST['img'];
$url = $_POST['url'];
$query = sprintf('INSERT INTO pic(pic,url)'.
'VALUES ("%s","%s")',$img,$url);
if(!$result = mysql_query($query))
{
die('Could not insert into the database:'.mysql_error());
}
}
}
?>
为什么我填入img或者url为空,也能提交成功,if(isset($_POST['img']) && isset($_POST['url'])) 这个语句有错吗?
另外如何防止刷新重复提交,请大神帮助改下代码!!!!
为空的验证 用empty函数 为空返回true
改为如下试试:
if($_POST['img']!="" && $_POST['url']!="")或者if(!empty($_POST['img']) && !empty($_POST['url']))2:防刷新好像是js的事吧。
判断提交内容时,首先判断Session中的token与$_POST['token']是否匹配,然后清除Session中的token。这样每次获取表单都只是第一次提交才有效。
session_start();if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if($_POST['token'] != $_SESSION['token'])
{
die('Token mismatch');
}
unset($_SESSION['token']);
if($_POST['img'] && $_POST['url'])
{
$img = $_POST['img'];
$url = $_POST['url'];
$query = sprintf('INSERT INTO pic(pic,url)'.
'VALUES ("%s","%s")',$img,$url);
if(!$result = mysql_query($query))
{
die('Could not insert into the database:'.mysql_error());
}
}
}
$token = md5(mt_rand(0, 65535));
$_SESSION['token'] = $token;
?>
<form action='<?php $_SERVER['PHP_SELF'] ?>' method='post'>
Picture: <input type="text" id="appimg" name="img">
URl: <input type="text" id="apphref" name="url" value="">
<input type="hidden" name="action" value="submitted">
<input type="hidden" name="token" value="<?php echo $token?>">
<input type="submit" value="submit">
</form>
<?php
session_start();if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if($_POST['token'] != $_SESSION['token'])
{
die('Token mismatch');
}
unset($_SESSION['token']);
if($_POST['img'] && $_POST['url'])
{
$img = $_POST['img'];
$url = $_POST['url'];
$query = sprintf('INSERT INTO pic(pic,url)'.
'VALUES ("%s","%s")',$img,$url);
if(!$result = mysql_query($query))
{
die('Could not insert into the database:'.mysql_error());
}
}
}
$token = md5(mt_rand(0, 65535));
$_SESSION['token'] = $token;
?>
<form action='<?php $_SERVER['PHP_SELF'] ?>' method='post'>
Picture: <input type="text" id="appimg" name="img">
URl: <input type="text" id="apphref" name="url" value="">
<input type="hidden" name="action" value="submitted">
<input type="hidden" name="token" value="<?php echo $token;?>">
<input type="submit" value="submit">
</form>