Php 无法在下一个文件中调用未定义的id
我试图一次更新多个条目,但无法调用id,更新工作正常。错误显示:注意:第24行C:\xampp\htdocs\poshproject\multiedit.php中的未定义索引:idPhp 无法在下一个文件中调用未定义的id,php,sql,Php,Sql,我试图一次更新多个条目,但无法调用id,更新工作正常。错误显示:注意:第24行C:\xampp\htdocs\poshproject\multiedit.php中的未定义索引:id <?php include 'header.php'; ?> <div id="container4"><?php require ("dbfunction.php"); $con = getDbConnect(); $checkbox2 = $_POST['checkbox2']
<?php include 'header.php'; ?>
<div id="container4"><?php
require ("dbfunction.php");
$con = getDbConnect();
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
$result = mysqli_query($con, $queryStr);
if (isset($_POST['submit'])) {
$checkbox2 = $_POST['checkbox2'];
foreach ($checkbox2 as $crewname) {
?> <form action="handlemultiedit.php" method="post">
<input type="hidden" name="crew_id" value="<?php echo $_GET['id']; ?>" />
<?php echo "<tr><th>" . $crewname . ":</th><br>";
echo " <tr>
<td>Shift 1:</td>
<td><input type=\"time\" name=\"start_hour\" value=\"start_hour\" id=\"start_hour\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour\" value=\"end_hour\" id=\"end_hour\" step=\"1800\" required>
</td>
</tr>
<tr>
<td>Shift 2:</td>
<td><input type=\"time\" name=\"start_hour2\" value=\"start_hour2\" id=\"start_hour2\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour2\" value=\"end_hour2\" id=\"end_hour2\" step=\"1800\" required>
</td>
</tr><br><br>";
?><?php
}?><td><input type="submit" value="Submit" ></td></form><?php
}
?>
第一:你正在为自己设置MySQL注入攻击!
您在MySQL查询中直接使用用户发布的数据,而不检查它是否包含恶意代码
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
转到错误消息:multiedit.php的第24行:
<input type="hidden" name="crew_id" value="<?php echo $_GET['id']; ?>" />
或
从句柄页面,如果这是目的的话
然而,您的代码中似乎存在一些漏洞,并且无法正常工作。你能澄清一下它应该做什么吗
我猜
if (isset($_POST['submit'])) {
应移至处理页面,以检查是否确实提交了任何内容,以及
foreach ($checkbox2 as $crewname) {
实际上应该在MySQL查询的$result上循环
header("Location: crewlisting.php?id=$crew_id");
if (isset($_POST['submit'])) {
foreach ($checkbox2 as $crewname) {