Getting a session from my php unto my form page that was submitted via ajax

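I submitted a form with ajax using a php file url. In the php file, I validated that the email already exists and stored the result in a session. In addition, I generated a random id number and stored it in a session. Now I want ajax to bring me these sessions after processing the php file, so that I can display them on the form page. Can anybody help me? Thanks in advance....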

PHP

include("connection.php");
if (isset($_POST['firstname'])) {
$certification = implode(', ', $_POST['cert_type']);
$documents = implode(', ', $_POST['attached_documents']);
if ($_SESSION['bus_status'] = isset($_POST['bus_status']) ? $_POST['bus_status'] : '') ;
if($_SESSION['bus_status'] == "new"){
    $_SESSION['establishment_year'] = 'null';
    $_SESSION['staff_strength'] = 'null';
}
elseif ($_SESSION['bus_status'] == "existing") {
    $_SESSION['establishment_year'] = $_POST['establishment_year'];
    $_SESSION['staff_strength'] = $_POST['staff_strength'];
}
$numrows = mysql_num_rows(mysql_query(" SELECT email FROM personal_data WHERE email='".$_POST['email']."'"));
$string="";
if($numrows!=0){
    $_SESSION['comment'] = '<div class="alert alert-danger" role="alert" style="font-size: 16px"><i class="fa fa-exclamation"></i> Please this user already exists. <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button></div>';
}
else {
    $_SESSION['rand'] = rand(0, 900);
    $SQL = "INSERT INTO personal_data VALUES (
    '" . $_SESSION['rand'] . "','" . $_POST['firstname'] . "','" . $_POST['surname'] . "','" . $_POST['gender'] . "',
    '" . $_POST['dob'] . "','" . $_POST['age'] . "','" . $_POST['nationality'] . "','" . $_POST['hometown'] . "',
    '" . $_POST['region_of_origin'] . "','" . $_POST['place_of_res'] . "','" . $_POST['region_of_res'] . "','" . $_POST['res_address'] . "',
    '" . $_POST['pos_address'] . "','" . $_POST['mum_nationality'] . "','" . $_POST['dad_nationality'] . "',
    '" . $_POST['mobile_num'] . "','" . $_POST['telephone'] . "','" . $_POST['email'] . "','" . date('d-M-Y h:ia') . "')";
    $result = mysql_query($SQL)
    or die(mysql_error());
    $SQL2 = "INSERT INTO education VALUES (
    '" . $_SESSION['rand'] . "','" . $_POST['level_of_education'] . "','" . $_POST['type_of_education'] . "',
    '" . $_POST['name_of_institution'] . "','" . $_POST['admission_year'] . "','" . $_POST['completion_year'] . "')";
    $result2 = mysql_query($SQL2)
    or die(mysql_error());
    $SQL3 = "INSERT INTO business_information VALUES (
    '" . $_SESSION['rand'] . "','" . $_POST['bus_name'] . "','" . $_POST['bus_description'] . "','" . $_POST['bus_address'] . "',
    '" . $_POST['bus_region'] . "','" . $_SESSION['bus_status'] . "','" . $_SESSION['establishment_year'] . "',
    '" . $_SESSION['staff_strength'] . "','" . $_POST['reg_type'] . "','".$certification."','".$documents."')";
    $result3 = mysql_query($SQL3)
    or die(mysql_error());
}

}

AJAX

var dataString = $('#appForm').serialize(); //alert (dataString);return false; 
$.ajax({ 
     type: "POST", 
     url: "application_form_params.php", 
     data: dataString, 
     success: function() { 
        window.location.reload(); 
        $('.register-alert').html("You have successfully registered an   applicant"); 
    } 
});

At the end of your PHP script, you can print whatever data you want to send:

$response = array(
    'rand' => $_SESSION['rand'],
    'establishment_year' => $_SESSION['establishment_year'],
    'staff_strength' => $_SESSION['staff_strength'],
);
echo json_encode($response);
die;

And in the JS part:

var dataString = $('#appForm').serialize(); //alert (dataString);return false; 
$.ajax({ 
    type: "POST", 
    url: "application_form_params.php", 
    data: dataString, 
    dataType: 'json',
    success: function (data) { 
        window.location.reload(); 
        $('.register-alert').html("You have successfully registered an   applicant with rand " + data.rand); 
    } 
});

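As an additional suggestion, please review all your PHP scripts. As a first point, you can start reading about SQL injection (http://php.net/manual/en/security.database.sql-injection.php); you should never put user input directly into an SQL query without filtering/escaping. All input is tainted!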
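
One way to follow the answer's closing advice, as an added example that is not code from the question or the answer: the email check and insert rewritten with PDO prepared statements, returning the array that the answer JSON-encodes. It assumes a reduced three-column personal_data table, an in-memory SQLite database in place of connection.php, and the hypothetical function name register_applicant; the mysql_* functions used in the question were removed in PHP 7.0.

```php
<?php
// Added example, not the poster's code. The table is reduced to three columns
// and an in-memory SQLite database (assumption) stands in for connection.php.
declare(strict_types=1);

function register_applicant(PDO $db, array $post): array
{
    $email = trim((string)($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'invalid email'];
    }

    // Placeholder instead of string concatenation: the submitted value is
    // bound as data and is never parsed as part of the SQL statement.
    $check = $db->prepare('SELECT COUNT(*) FROM personal_data WHERE email = :email');
    $check->execute([':email' => $email]);
    if ((int)$check->fetchColumn() > 0) {
        return ['ok' => false, 'error' => 'user already exists'];
    }

    // random_int() stands in for rand(0, 900); a wider range lowers the
    // chance of two applicants receiving the same id.
    $id = random_int(100000, 999999);
    $insert = $db->prepare(
        'INSERT INTO personal_data (id, firstname, email) VALUES (:id, :firstname, :email)'
    );
    $insert->execute([
        ':id'        => $id,
        ':firstname' => (string)($post['firstname'] ?? ''),
        ':email'     => $email,
    ]);
    return ['ok' => true, 'rand' => $id];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE personal_data (id INTEGER, firstname TEXT, email TEXT UNIQUE)');

// Constructed sample input. The apostrophe is legal in an email address and
// would break the concatenated query from the question.
$sample = ['firstname' => 'Niamh', 'email' => "n.o'brien@example.com"];

// The same form data is submitted twice to exercise both branches.
// In the real endpoint, echo a single json_encode() result and exit.
echo json_encode(register_applicant($db, $sample)), "\n";
echo json_encode(register_applicant($db, $sample)), "\n";
```

Because the response carries plain values rather than the HTML alert markup stored in $_SESSION['comment'], the page can insert the message with jQuery's .text() and keep server data out of .html().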