php 以表单形式将参数传递给php?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/803766/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
passing parameters to php in a form?
提问by Joshxtothe4
I have the basic html form echoed through php:
我有通过 php 回显的基本 html 表单:
<html>
<body>
<?php
if (isset($_GET["pk"]))
{ $pk = $_GET["pk"];}
echo '<form action="up.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>';
?>
</body>
</html>
I would like to pass the value of pk to up.php
我想将 pk 的值传递给 up.php
Modifying action="up.php?pk=$pk" did not work.
修改 action="up.php?pk=$pk" 不起作用。
回答by Paolo Bergantino
Use a hidden field:
使用隐藏字段:
<input type="hidden" name="pk" value="<?php echo $pk; ?>">
By the way, printing large amounts of HTML like you have there is ugly. Consider either stepping out of PHP to do so, using HEREDOC, a template engine, or a framework.
顺便说一句,像你那样打印大量的 HTML 是丑陋的。考虑退出 PHP,使用 HEREDOC、模板引擎或框架。
EDIT:
编辑:
As noted below, you should not print GET and POST data back to the page without sanitizing it first. Assuming pk is a primary key, you should wrap $pkabove with the intvalfunction, at the very least.
如下所述,您不应该在没有首先清理它的情况下将 GET 和 POST 数据打印回页面。假设 pk 是一个主键,你应该$pk用intval函数在上面包装,至少.
回答by Kristian Lunde
I agree with all the comments regarding some kind of input control of the $_GET['pk'] variable. I would recommend the filter module in php, which is pretty much a default installed module I believe.
我同意有关 $_GET['pk'] 变量的某种输入控制的所有评论。我会推荐 php 中的过滤器模块,我相信这几乎是默认安装的模块。
<html>
<body>
<?php
$param = filter_input(INPUT_GET, 'pk', FILTER_SANITIZE_ENCODED);
?>
<form action="up.php<?php echo (isset($param) && $param != false) ? '?pk=' . $params : ''); ?>" method="post"enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
You can find more information about the filter module here: link text
您可以在此处找到有关过滤器模块的更多信息:链接文本
I also agree with Paolo Bergantino, this is not the prettiest way to do it, and a template engine, heredocs or regexp could be a better way of increasing the readability and maintainability of the system.
我也同意 Paolo Bergantino 的观点,这不是最好的方法,模板引擎、heredocs 或 regexp 可能是提高系统可读性和可维护性的更好方法。
回答by Greg
You can't use a variable inside a single-quoted string:
不能在单引号字符串中使用变量:
$pk = 123;
echo 'Hello $pk'; // echos Hello $pk
echo "Hello $pk"; // echos Hello 123
echo 'Hello ' . $pk; // echos Hello 123
The best way to pass it through would be as a hidden field inside the form
传递它的最佳方法是作为表单内的隐藏字段
回答by empi
Try sth like this:
试试这样:
<html>
<body>
<?php
$params = "";
if (isset($_GET["pk"]))
{ $params = "?pk=" . $_GET["pk"];}
echo '<form action="up.php' . $params . '" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>';
?>
</body>
</html>
Of course you should be aware that $_GET["pk"] may contain pretty much anything, so think about some kind of input sanitization.
当然,您应该知道 $_GET["pk"] 可能包含几乎任何内容,因此请考虑某种输入清理。
