access to $_POST
<?php
session_start();
if(isset($_SESSION['s1']))
{
$uname=$_SESSION['s2'];
echo "<b><i>hello ".$_SESSION['s1'];
echo "</b></i>";
}
else{
$name="none";
}
?>
<html>
<head>
<title>Doctor</title>
<form method="post">
<?php
$connection=Mysql_connect('localhost','admin','123');
Mysql_select_db('db',$connection);
//agar patient list ro khast
if(array_key_exists('sub3',$_POST))
{
if(!$connection)
{
echo 'connection is invalid';
}
else
{
$query="select * from pnt";
$result=mysql_query($query);
$num=Mysql_num_rows($result);
$num1=Mysql_num_fields($result);
if($num>0)
{
echo "<table border=0>";
echo"<tr>";
echo"<td>ID</td><td>Name</td><td>Family</开发者_运维百科td><td>File</td>";
echo"</tr>";
for($i=0;$i<$num;$i++)
{
$row=mysql_fetch_row($result);
for($j=0;$j<$num1;$j++)
{
echo"<td>$row[$j]</td>";
}
echo"<td><input type='submit' name='sub6' value='$row[0]'/></td>
<td><img src='file.jpg' width='50' height='50' /></td>";
echo"</tr>";
}//for
echo"</table>";
}//if
}//else
exit();
}
//agar zado clinical filo khast
if(array_key_exists('sub6',$_POST))
{
$query1="select * from patient where id=".$_POST['sub6'];
$result1=mysql_query($query1);
$num2=Mysql_num_rows($result1);
$num3=Mysql_num_fields($result1);
if($num2>0)
{
echo "<table border=2>";
for($i=0;$i<$num2;$i++)
{
$row=mysql_fetch_row($result1);
echo"<td>id</td><td>name</td><td>Lastname</td><td>Info</td><td>Sympthoms</td><td>Diagnosis</td>";
echo "<tr>";
for($j=0;$j<$num3;$j++)
{
echo"<td>$row[$j]</td>";
}
echo"</tr>";
}//for
echo"</table>";
}//if
$query2="select * from pharmacies";
$result2=mysql_query($query2);
$nump=Mysql_num_rows($result2);
echo "Please Select a Pharmacy:<select ID=2 name='ph'>";
echo"<option >select please";
for($i=0;$i<$nump;$i++)
{
$row=mysql_fetch_row($result2);
echo"<option value=$row[1]>$row[1]";
echo"</option>";
}
echo"</SELECT>";
$query2="select * from pharmacy";
$result2=mysql_query($query2);
$nump=Mysql_num_rows($result2);
echo "Please Select Drug:<select ID=1 name='dg'>";
echo"<option >select please";
for($i=0;$i<$nump;$i++)
{
$row=mysql_fetch_row($result2);
echo"<option >$row[0]";
echo"</option>";
}
echo"</SELECT>";
echo"<input type='submit' name='insert' value='insert this drug'/>";
echo"<b>Quantity:<input type='text' name='txt1'/>";
exit();
}//if
if(array_key_exists('insert',$_POST))
{
$qname="select * from pnt where id=".$_POST['sub6'];
$resname=mysql_query($qname);
$rown=mysql_fetch_row($resname);
$na=$rown[1];
$ins="insert into request(drug,qty,ph,situation,Doctor,userp)values('".$_POST['dg']."',".$_POST['txt1'].",'".$_POST['ph']."','underprocess','$uname','$na')";
echo $ins;
$rlt=mysql_query($ins);
if (!$rlt)
{
print(mysql_errno() .":". mysql_error());
}
}
if(array_key_exists('insert',$_POST))
{
$in="select * from request";
$rslt=mysql_query($in);
if (!$rslt)
{
print(mysql_errno() .":". mysql_error());
}
$num2=Mysql_num_rows($rslt);
$num3=Mysql_num_fields($rslt);
if($num2>0)
{
echo "<table border=2>";
echo"<td>id</td><td>drug</td><td>quantity</td><td>Doctor</td><td>explanation</td><td>pharmacy</td>";
for($i=0;$i<$num2;$i++)
{
$row=mysql_fetch_row($rslt);
echo "<tr>";
for($j=0;$j<$num3;$j++)
{
echo"<td>$row[$j]</td>";
}
echo"</tr>";
}//for
echo"</table>";
}//if
}
if(array_key_exists('sub4',$_POST))
{
header("location:login.php");
}
?>
<input type="submit" name="sub3" value="patient list"/>
<input type="submit" name="sub4" value="sign out"/>
<img src="Doc.jpg" />
</form>
</head>
</html>
$_POST is a global, or rather 'super global'. It should be accessible anywhere in your script, including inside conditional statements, functions and classes.
Are you SURE $_POST['sub6'] is set?
On an unrelated side-note, don't please ever do this:
$qname="select * from pnt where id=".$_POST['sub6'];
Assigning values from $_POST without filtering it for proper values is one of the most common vulnerabilities in php scripting.
You enter this condition only when "insert" is a key in POST. Then you try to make a query using "sub6", which may not be set. You simply have to test that "sub6" exists before using it in a query (like the rest of the keys of $_POST)
精彩评论