问题
This works fine:
$username= $_GET["username"];
$query= "INSERT INTO test (latitude) VALUES ('$username')";
mysql_query($query) or die (mysql_error("error"));
mysql_close();
This does not work:
if(!isset($_POST['submit']))
{
}
else
{
$username= $_GET["username"];
$query= "INSERT INTO test (latitude) VALUES ('$username')";
mysql_query($query) or die (mysql_error("error"));
mysql_close();
}
It works if $username is set to something other than get, like '7'.
The GET retrieving a value from objective c. If I don't put it in an if statement it will just enter itself into my database hundreds of times. If I put it in the 'if' statement it will only enter once, but the value will be zero. I'm totally stumped. Any help would be great.
EDIT: I think because of the answers I'm getting that i didn't explain well. to clarify: I am using POST to post user_id, answer_body. I am using GET as a way to import the latitude and longitude from Core Location (even though I named it username, it is the latitude). I want them all to go into the same entry, which is why im tying GET to isset_POST. Further, when GET(username) is on its own, with an INSERT query, it will make hundreds of duplicates in my database. Here is the objective-C script:
//sends whatever username is set to, to database
float username = location.coordinate.latitude;
NSString *theValue = [NSString stringWithFormat:@"%f", username];
NSString *hostStr =[NSString stringWithFormat:@"http://mysite.com/page.php?username=%@", theValue];
NSData *dataURL = [NSData dataWithContentsOfURL: [ NSURL URLWithString: hostStr ]];
NSString *serverOutput = [[NSString alloc] initWithData:dataURL encoding: NSUTF8StringEncoding];
NSLog(@"Server output: %@", serverOutput);
The form code is:
<form action="gpstestertwo.php" method="post"><center>
$<input type="text" name="answer_body" maxlentgh= "5" style="height:3em;"/>
<input type="submit" value="submit" name="submit" style="height:2em; width:5em; font-size:19px "
/>
</center>
</form>
回答1:
if(isset($_REQUEST['submit']))
{
$username= mysql_real_escape_string($_REQUEST["username"]);
$query= "INSERT INTO test (latitude) VALUES ('$username')";
mysql_query($query) or die (mysql_error("error"));
mysql_close();
}
EDIT: First, I changed the $_GET and the $_POST to $_REQUEST so it will accept both $_GET and $_POST.
Second, I added the mysql_real_escape_string function, that will escape unwanted chars such as qutation marks, in order to prevent SQL Injection.
回答2:
$_POST['submit'] and $_GET['username']... why not use $_POST['username'].
How are you sending the FORM data, POST or GET? Or use $_REQUEST['username'] to be sure.
Not to mention the need to escape the username before using in query.
EDIT (always do the processing on POSTs, not GETs):
if(!strcasecmp($_SERVER['REQUEST_METHOD'], 'POST')){
// post operation, do your work HERE only
if(!empty($_POST['username'])){
// ... do your worst here ...
}
}
GETs are the default request and you might end up bombarded in your database. POSTs are the special ones. So make sure the REQUEST_METHOD is POST before doing POST handling.
来源:https://stackoverflow.com/questions/13110180/php-get-value-erased-when-placed-in-ifisset