我正在编写一个应用程序,允许用户上传潜在员工的推荐信。
每个引用都会发送一封电子邮件,在url的末尾包含一个唯一的字符串。例如,地址看起来类似于:www.mywebadress?url=503241a20b5085_18720621.
为了确定唯一字符串是否有效(即存在于数据库中),我需要进行查询搜索。但是,当引用试图访问URL时,他需要回答一个安全问题。所以,我还需要检查答案是否有效,他之前是否上传过,等等,以确定将他重定向到哪个页面。
但由于查询的原因,我的代码要求用户单击"提交"两次。这真的很烦人,但我不知道该怎么解决
以下是我的代码的相关摘录:
if ( isset ($_GET['url']) ) {
$query = "SELECT * FROM ref_info WHERE url='" . $_GET['url'] . "'";
$result = $db->execute($query);
if ( empty ($result) ) {
//error message
} else {
$url = $_GET['url'];
if ( $_SESSION['validated'] ) {
if ( $result[0]['uploaded'] ==1 ) {
$_SESSION['uploaded'] =true;
} else {
$_SESSION['uploaded'] =false;
}
include_once("process_upload.php");
} else {
if ( empty($result[0]['answer']) ) {
include_once("security.php");
} else {
include_once("security_check.php");
}
}
}
}
我能做些什么让表格只需要提交一次吗?
提前感谢您的任何建议!!
if ( isset ($_GET['url']) ) {
$query = "SELECT * FROM ref_info WHERE url='" . $_GET['url'] . "'"; //that is really not secure. Take a look at mysql_real_escape_string or something like that in yor $db
$result = $db->execute($query);
if ( empty ($result) ) {
//error message
} else {
$url = $_GET['url'];
if (empty($result[0]['answer']) ) { // page is just opened,form is not yet submitted - ask sequrity question
include_once("security.php");
} else { //oh. Submit is done - let me check if it is Ok
include_once("security_check.php");
}
if ( $_SESSION['validated'] ) { //validation is Ok? Yeah. Answer is not posted yet, so validation fails and we do nothing. Just show a form with a question
if ( $result[0]['uploaded'] ==1 ) {
$_SESSION['uploaded'] =true;
} else {
$_SESSION['uploaded'] =false;
}
include_once("process_upload.php");
}
}
}