Add form action [closed]

前端未结

关注

 3  1756

庸人自扰

相关标签:

3条回答

渐次进展

2021-01-26 19:02

if(isset($_POST['submit'])){
  $ip_server = mysql_real_escape_string($_POST['ipserver']);
  $port_server = mysql_real_escape_string($_POST['portserver']);
  if ($ip_server == NULL || $port_server == NULL){
    echo 'Моля попълнете всички полета.';
  } else {
    $type = "halflife";
    $zone = 0;
    $disabled = 0;
    $status = 1;
    $sql = "INSERT INTO `lgsl` (type, ip, c_port, q_port, zone, disabled, status) VALUES ('$type', '$ip_server', '$port_server', '$port_server', '$zone', '$disabled', '$status')";
    $result = mysql_query($sql);
    echo 'Сървъра е успешно добавен!';
  }
}

I added the mysql_real_escape_string to prevent code injections.

Also use method="post" in your form tag like this <form method="post">

0 讨论(0)

逝去的感伤

2021-01-26 19:05
What is the default form HTTP method?

You need to add an attribute to the form tag to turn it into POST based on your code.
```
<form method="POST">
```
$_POST vs. $_SERVER['REQUEST_METHOD'] == 'POST'

To validate the request, use:
```
if( $_SERVER["REQUEST_METHOD"] == "POST" ) // or GET, if appropriate
```
If you had intended to use GET, you could add a hidden element with the name "page" and the value "servers".
```
 <input type="hidden" name="page" value="servers" />
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
我在风中等你

2021-01-26 19:08
You may have the action value that you'd like, as the following HTML indicates:
```
<form name="myform" action="testform.php?query=string" method="POST">
<input name="data" type="text">
<input type="submit">
</form>
```
The way your form is currently set up, by default, it results in a GET request. However, your PHP tests for a form submitted as a POST request! If you really intend to submit the form as a POST request then you must specify that in the action attribute as action="POST". Then, change your test of the submitted form to check whether the POST has a value or not, as follows:
```
<?php
if (isset($_POST) && $_POST != null){
   echo ( htmlentities( $_SERVER['QUERY_STRING'] ) );  // adding more security
}
?>
```
Note: when the method is POST, the portion ?query=string does not reflect a GET variable but rather a QUERY_STRING. When this form is submitted it redirects to testform.php?query=string.

Incidentally, a handy function for parsing the resulting query string is parse_str and you can use it to create a variable or an associative array that contains the "string" value, as follows:
```
<?php
$qs = htmlentities( $_SERVER['QUERY_STRING'] );
$str = substr( $qs, 1 ); // remove the '?'

// array option
parse_str( $str ,$arr);
echo $arr['query'],"\n";  

// variable option
parse_str( $str );
echo $query;  
```
See http://3v4l.org/DC27Y
0 讨论(0)
发布评论:

提交评论
- 加载中...

热议问题