我有这段代码,存储在view_profile.php页面上。它具有称为“添加为朋友”的形式。没有语法错误。但是,当我提交表单时,什么时候应该刷新并将其发送到发件箱页面没有任何反应?另外,它应该向请求的用户收件箱发送一条消息。有任何想法吗?

PS:我是PHP / MySQL的新手,所以对不起,如果代码不是100%。我将在将来将其转换为PDO,只是不想这么做,因为这是处理查询等问题的一种实践。

<?php
session_start();
include "db.php";

$sqlCommand = "SELECT userid, username FROM users WHERE username='" . $_SESSION['username'] . "'";
$query = mysql_query($sqlCommand, $connection) or die (mysql_error());
while ($row = mysql_fetch_array($query)) {
    $pid = $row["userid"];
    $from_username = $_SESSION['username'];
}
mysql_free_result($query);

$to_userid = $_POST['to_userid'];

$sqlCommand = "SELECT userid, username FROM users WHERE userid='$to_userid' LIMIT 1";
$query = mysql_query($sqlCommand, $connection) or die (mysql_error());
while ($row = mysql_fetch_array($query)) {
    $TOid = $_SESSION['username'];
}
mysql_free_result($query);
?>

<input name="to_username" type="hidden" id="to_username" value="<?php print $username;?>"/>
<input name="title" type="hidden" id="title" value="<?php print $from_username ?> wants to add you as a friend!"/>
<input name="content" type="hidden" id="content" value="<?php print $from_username; ?> wants to add you as a friend!"/>
<input name="to_userid" type="hidden" id="to_userid" value="<?php print $TOid; ?>"/>
<input name="from_username" type="hidden" id="from_username" value="<?php print $from_username ?>"/>
<input name="userid" type="hidden" id="from_username" value="<?php print $_SESSION['userid'] ?>"/>
<input name="senddate" type="hidden" id="senddate" value="<?php echo date("l, jS F Y, g:i:s a"); ?>"/>

<input type="submit" name="addFriend" id="addFriend" value="Add <?php print $username ?> as a friend!"  />

<?php


if($_POST['addFriend']){

$to_username = $_POST['to_username'];
$title = $_POST['title'];
$content = $_POST['content'];
$to_userid = $_POST['to_userid'];
$userid =  $_POST['userid'];
$from_username = $_POST['from_username'];
$senddate = $_POST['senddate'];

require_once "db.php";

$query = mysql_query("INSERT INTO pm_outbox (userid, username, to_userid, to_username, title, content, senddate)VALUES('$userid', '$from_username', '$to_userid', '$to_username', '$title', '$content', '$senddate')",$connection) or die (mysql_error($connection));

$query = mysql_query( "INSERT INTO pm_inbox (userid,username,from_id, from_username, title,content,recieve_date)VALUES('$to_userid', '$to_username','$userid','$from_username', '$title', '$content','$senddate')",$connection) or die (mysql_error($connection));


echo "<meta http-equiv=\"refresh\" content=\"0; URL=pm_outbox.php\">";
exit();
}
?>

最佳答案

您从未启动过表单标签

您需要在输入之前启动它们,并在输入之后结束它们,以便

<form action='Your_action_page_here.php' method='POST'>
<input name="to_username" type="hidden" id="to_username" value="<?php print $username;?>"/>
<input name="title" type="hidden" id="title" value="<?php print $from_username ?> wants to add you as a friend!"/>
<input name="content" type="hidden" id="content" value="<?php print $from_username; ?> wants to add you as a friend!"/>
<input name="to_userid" type="hidden" id="to_userid" value="<?php print $TOid; ?>"/>
<input name="from_username" type="hidden" id="from_username" value="<?php print $from_username ?>"/>
<input name="userid" type="hidden" id="from_username" value="<?php print $_SESSION['userid'] ?>"/>
<input name="senddate" type="hidden" id="senddate" value="<?php echo date("l, jS F Y, g:i:s a"); ?>"/>
<input type="submit" name="addFriend" id="addFriend" value="Add <?php print $username ?> as a friend!"  />
</form>


我还注意到,在将变量插入表之前,您既没有验证也没有清除变量

这是您必须关注的非常重要的安全问题。我建议使用filter_var()进行验证。您还需要阅读有关如何防止SQL注入的本文How to prevent SQL injection?

07-24 18:37