I am very new to PHP and I am trying to add a series of variables to an HTML hyperlink. However, any variable that returns a space messes up the hyperlink.
<html>
<head>
<title>Grants Test</title>
</head>
<body>
<?php
// Connect to Database
mysql_connect("XXXXXXXX", "XXXXXXX", "XXXXXXXXXX") or die(mysql_error());
mysql_select_db("XXXXXXXXX") or die(mysql_error());
$mode = $_GET['mode'];
$Name = $_GET['Name'];
$DOP = $_GET['DOP'];
$SRN = $_GET['SRN'];
$SUP = $_GET['SUP'];
$COG = $_GET['COG'];
$CUST = $_GET['CUST'];
$Comments = $_GET['Comments'];
$Upload_T = $_GET['Upload_T'];
$Edit_T = $_GET['Edit_T'];
$PONumber = $_GET['PONumber'];
$self = $_SERVER['PHP_SELF'];
//Edit Mode
if ( $mode=="edit")
{
Print '<h2>Edit</h2>
<p>
<form action=';
echo $self;
Print '
method=GET>
<table>
<tr><td>PONumber:</td><td><input type="text" disabled="disabled" value="';
Print $PONumber;
print '" name="PONumber" /></td></tr>
<tr><td>Name:</td><td><input type="text" value="';
Print $Name;
print '" name="Name" /></td></tr>
<tr><td>Date of Purchase:</td><td><input type="text" value="';
Print $DOP;
print '" name="DOP" /></td></tr>
<tr><td>Service Report:</td><td><input type="text" value="';
Print $SRN;
print '" name="SRN" /></td></tr>
<tr><td>Supplier:</td><td><input type="text" value="';
Print $SUP;
print '" name="SUP" /></td></tr>
<tr><td>Cost ex.VAT:</td><td><input type="text" value="';
Print $COG;
print '" name="COG" /></td></tr>
<tr><td>Customer:</td><td><input type="text" value="';
Print $CUST;
print '" name="CUST" /></td></tr>
<tr><td>Comments:</td><td><input type="text" value="';
Print $Comments;
print '" name="Comments" /></td></tr>
<tr><td colspan="2" align="center"><input type="submit" /></td></tr>
<input type=hidden name=mode value=edited>
<input type=hidden name=PONumber value=';
Print $PONumber;
print '>
</table>
</form> <p>';
}
if ( $mode=="edited")
{
mysql_query ("UPDATE purchase SET Name = '$Name', DOP = '$DOP', SRN = '$SRN', SUP = '$SUP', COG = '$COG', CUST = '$CUST', Comments = '$Comments', Upload_T = '$Upload_T', Edit_T = NOW() WHERE PONumber = $PONumber");
Print "Data Updated!<p>";
}
//Delete Mode
if ( $mode=="remove")
{
mysql_query ("DELETE FROM purchase where PONumber=$PONumber");
Print "Entry has been removed <p>";
}
//Show Table
$data = mysql_query("SELECT * FROM purchase ORDER BY PONumber ASC")
or die(mysql_error());
Print "<h2>Purchase Orders</h2><p>";
Print "<table border cellpadding=3>";
Print "<tr><th width=100>PONumber</th><th width=100>Name</th><th width=100>Date of Purchase</th><th width=100>Service Report</th><th width=100>Supplier</th><th width=100>Cost ex.VAT</th><th width=100>Customer</th><th width=100>Comments</th><th width=100>Time Requested</th><th width=100>Last Edited</th></tr>";
while($info = mysql_fetch_array( $data ))
{
Print "<tr><td>".$info['PONumber'] . "</td> ";
Print "<td>".$info['Name'] . "</td> ";
Print "<td>".$info['DOP'] . "</td> ";
Print "<td>".$info['SRN'] . "</td> ";
Print "<td>".$info['SUP'] . "</td> ";
Print "<td>".$info['COG'] . "</td> ";
Print "<td>".$info['CUST'] . "</td> ";
Print "<td>".$info['Comments'] . "</td> ";
Print "<td>".$info['Upload_T'] . "</td> ";
Print "<td>".$info['Edit_T'] . "</td> ";
Print "<td><a href=" .$_SERVER['PHP_SELF']. "?PONumber=" . $info['PONumber'] ."&DOP=" . $info['DOP'] . "&Name=" . $info['Name'] . "&mode=edit>Edit</a></td>"; Print "<td><a href=" .$_SERVER['PHP_SELF']. "?PONumber=" . $info['PONumber'] ."&mode=remove>Remove</a></td></tr>";
}
Print "</table>";
This is the line I am having trouble with. The data is pulled from the database, but any data containing a space gets cut short.
Print "<td><a href=" .$_SERVER['PHP_SELF']. "?PONumber=" . $info['PONumber'] ."&DOP=" . $info['DOP'] . "&Name=" . $info['Name'] . "&mode=edit>Edit</a></td>"; Print "<td><a href=" .$_SERVER['PHP_SELF']. "?PONumber=" . $info['PONumber'] ."&mode=remove>Remove</a></td></tr>";
Looking at the output:
<a href="/beta/testscript.php?PONumber=3697&DOP=2014-11-23&Name=Joe" bloggs&mode="edit">Edit</a>
How can I stop this from happening?
Thanks, Grant
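Best answer
You need to use urlencode to encode the URL parameters.
Also, don't use the mysql_ functions; they are error-prone, lead to security vulnerabilities, and will be removed from PHP later. Learn PDO instead.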
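The urlencode advice above applied to the question's Edit link, as an added example that is not part of the original answer; `action_link()` is a hypothetical helper and `$row` is constructed sample data. It uses `http_build_query()`, which URL-encodes each value, and then HTML-escapes the finished URL inside a quoted `href` so that database content cannot end the attribute early.

```php
<?php
// Added example. $row is constructed sample data, not from the question's database.

// Hypothetical helper: returns an <a> tag whose query string survives
// spaces, ampersands and quotes in the parameter values.
function action_link(string $script, array $params, string $label): string
{
    // http_build_query() URL-encodes every key and value (space becomes "+")
    // and, by default, joins the pairs with "&".
    $url = $script . '?' . http_build_query($params);

    // The URL is placed inside an HTML attribute, so escape it for HTML and
    // quote the attribute; otherwise the first space or ">" ends the value.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

$script = '/beta/testscript.php';
$row = ['PONumber' => 3697, 'DOP' => '2014-11-23', 'Name' => 'Joe bloggs & "Sons"'];

// The question's approach: raw values in an unquoted attribute.
$broken = '<a href=' . $script . '?PONumber=' . $row['PONumber']
        . '&DOP=' . $row['DOP'] . '&Name=' . $row['Name'] . '&mode=edit>Edit</a>';

$params = [
    'PONumber' => $row['PONumber'],
    'DOP'      => $row['DOP'],
    'Name'     => $row['Name'],
    'mode'     => 'edit',
];
$fixed = action_link($script, $params, 'Edit');

echo "broken: $broken\n";
echo "fixed:  $fixed\n";

// Round trip: decode the query string the way PHP fills $_GET and confirm
// that the name arrives intact, space and ampersand included.
parse_str(http_build_query($params), $received);
var_dump($received['Name'] === $row['Name']);
```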
Regarding spaces in PHP hyperlink variables, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/27530048/