0

我有以下 javascript 函数和 php 文件。我想获取 URL 中的 id 并将其发送到 PHP,以便我可以通过页面上的特定 ID 查询数据。这是我到目前为止所拥有的。让我知道需要更改哪些内容才能使其正常工作。谢谢

javascript:

/*adding data*/
dhx.ready(function () {
    dhx.ui.fullScreen();
    dhx.ui({
        view: "scheduler",
        id: "scheduler"
    });
    $$("scheduler").load("placevents.php?id=" + getID, "scheduler");

    /*preselects Month view*/
    $$("scheduler").$$("month").show();
    $$("scheduler").$$("buttons").setValue("month");
});

PHP: 

//Retrieve logged in user
$test = ".@$_REQUEST['id']";

$scheduler = new schedulerConnector( $res, "MySQL" );
$scheduler -> enable_log( "log.txt", true );
$scheduler -> render_table("events LEFT JOIN tblfollowers ON events.id_user = tblfollowers.username"
        . " WHERE events.status = 'active' AND((events.id_user) ='$test')"
        . " GROUP BY events.event_id, events.event_name, events.user_name, events.id_user, events.time, events.details, events.location, events.dresscode"
        . " Order By events.timestamp DESC","event_id","start_date, start_date,event_name,details");
$scheduler -> render_sql("select event_id, start_date, end_date, event_name, details from events ");
4

1 回答 1

0

请发布完整的源代码,但是我认为首先有两个错误你必须修改它:

$test = ".@$_REQUEST['id']";

进入这个:

$test = $_REQUEST['id'];
mysql_real_escape_string($test);

这可以帮助您防止 sql 注入。

正如我上面所说,我不知道你的源代码,但我认为还有其他错误:

$$("scheduler").load("placevents.php?id=" + getID, "scheduler");

尝试将其修改为:

$$("scheduler").load("placevents.php?id=" + getID + "&scheduler");
于 2013-06-24T00:15:02.420 回答