
First, I know about SQL injection, so there is no need to comment on it, because this form is never connected to the Internet and is only used by 2 people.

Now my problem is that I have been using the code below for a few weeks and it works fine

<?php
    $sql = "SELECT * FROM ".$SETTINGS["data_table"]." ORDER BY id " ;
    $sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
    while ($row = mysql_fetch_assoc($sql_result)) {


    }
?>


<input type="submit" name="button" id="table_button" value="Search" style="width: 45px" />&nbsp;


<a href="search_football.php">Reset</a> </div>
</form></fieldset>
<br /><br />

<fieldset style="width: 725px"><legend>Search Results</legend>
<?php
// Define $color=1 
    $color="1";
    echo '<table width="100%" border="1" align="center" cellpadding="0" cellspacing="0">';
    echo '<th>ID</th><th>Division</th><th>Club</th><th>Roster Number</th><th>Last Name</th><th>First Name</th><th>Registered</th><th>Payment</th><th>View Player</th><th>Edit Player</th><th>Check Out</th><th>Check In</th><th>Make Badge</th><th>Delete</th>';

if ($_REQUEST["club"]<>'') {
    $search_club = " AND club='".mysql_real_escape_string($_REQUEST["club"])."'";   
}
if ($_REQUEST["division"]<>'') {
    $search_division = " AND division='".mysql_real_escape_string($_REQUEST["division"])."'";   
}
if ($_REQUEST["lname"]<>'') {
    $search_lname = " AND lname='".mysql_real_escape_string($_REQUEST["lname"])."'";    
}

if ($_REQUEST["club"]<>'' and $_REQUEST["division"]<>'' and $_REQUEST["lname"]<>'') {
    $sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE club = '".mysql_real_escape_string($_REQUEST["club"])."' AND division = '".mysql_real_escape_string($_REQUEST["division"])."' AND lname = '".mysql_real_escape_string($_REQUEST["lname"])."'".$search_club.$search_division.$search_lname;
}  else {
    $sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0".$search_club.$search_division.$search_lname;
}

$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
    while ($row = mysql_fetch_assoc($sql_result)) {

  // If $color==1 table row color = #C6E7F7
    if($color==1){
    echo "<tr bgcolor='#C6E7F7'>
    <td><center>".$row['id']."</center></td><td><center>".$row['division']."</center></td><td><center>".$row['club']."</center></td><td><center>".$row['roster_number']."</center></td><td><center>".$row['lname']."</center></td><td><center>".$row['fname']."</center></td><td><center>".$row['registered']."</center></td><td><center>".$row['pay_status']."</center></td><td><center><a href=player_verification.php?id=$row[id]><img src=images/icons/view.png height='30' width='30' border='0'/></center></td><td><center><a href=edit_player.php?id=$row[id]><img src=images/icons/edit.png height='25' width='25' border='0'/></center></td><td><center><a href=equipment_checkout.php?id=$row[id]><img src=images/icons/out-icon.png height='30' width='30' border='0'/></center></td><td><center><a href=equipment_checkin.php?id=$row[id]><img src=images/icons/checkin.png height='30' width='30' border='0'/></center></td><td><center><a href=make_badge.php?id=$row[id]><img src=images/icons/badge.png height='30' width='30' border='0'/></center></td><td><center><a href=delete.php?id=$row[id]><img src=images/icons/delete.gif height='20' width='20' border='0'/></center></td></tr>";
    // Set $color==2, for switching to other color 
    $color="2";
    }
    // When $color not equal 1, use this table row color 
    else {
    echo "<tr bgcolor='#FFFFFF'>
    <td><center>".$row['id']."</center></td><td><center>".$row['division']."</center></td><td><center>".$row['club']."</center></td><td><center>".$row['roster_number']."</center></td><td><center>".$row['lname']."</center></td><td><center>".$row['fname']."</center></td><td><center>".$row['registered']."</center></td><td><center>".$row['pay_status']."</center></td><td><center><a href=player_verification.php?id=$row[id]><img src=images/icons/view.png height='30' width='30' border='0'/></center></td><td><center><a href=edit_player.php?id=$row[id]><img src=images/icons/edit.png height='25' width='25' border='0'/></center></td><td><center><a href=equipment_checkout.php?id=$row[id]><img src=images/icons/out-icon.png height='30' width='30' border='0'/></center></td><td><center><a href=equipment_checkin.php?id=$row[id]><img src=images/icons/checkin.png height='30' width='30' border='0'/></center></td><td><center><a href=make_badge.php?id=$row[id]><img src=images/icons/badge.png height='30' width='30' border='0'/></center></td><td><center><a href=delete.php?id=$row[id]><img src=images/icons/delete.gif height='20' width='20' border='0'/></center></td></tr>";
    // Set $color back to 1 
    $color="1";
    }

    }
} else {
?>

Then I decided to change it to add a jQuery plugin for pagination, and now I am using this

<?php
include 'elite-banner.php';

$con = mysql_connect("localhost", "root", "xxx");

if (!$con) {
die("Error: " . mysql_error());
}

mysql_select_db("xxx", $con);

$result = mysql_query("SELECT * FROM players WHERE ID = id");
?>
<br/>
<!DOCTYPE html>
<html>
<head>
    <title>DataTables</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <script src="media/js/jquery.js" type="text/javascript"></script>
    <script src="media/js/jquery.dataTables.js" type="text/javascript"></script>

    <style type="text/css">
        @import "media/css/demo_table_jui.css";
        @import "media/themes/smoothness/jquery-ui-1.8.4.custom.css";



   *{
            font-family: arial;
    }
        #holder {
        margin:auto;
    }

    .auto-style1 {
        border-left: 1px solid #C0C0C0;
        font-family: "Courier New", Courier, monospace;
    }
    .auto-style2 {
        text-align: center;
        border-right-style: solid;
        border-right-width: 1px;
        border-right-color:#C0C0C0
    }

    .auto-style3 {
        font-family: "Agency FB";
    }
    .auto-style4 {
        font-family: "Courier New", Courier, monospace;
    }
    .auto-style5 {
        text-align: center;
        font-family: "Courier New", Courier, monospace;
    }
    tr:hover {
        background-color:#99FF99;
    }


    </style>
    <script type="text/javascript" charset="utf-8">
        $(document).ready(function(){
            $('#datatables').dataTable({
                "sPaginationType":"full_numbers",
                "aaSorting":[[2, "desc"]],
                "bJQueryUI":true
            });
        })

    </script>
    <?php
    include 'menu.php';
    ?>
</head>
<body>
<div id="holder" style="width:70%;">
    <div>
        <table id="datatables" class="display">
            <thead>
                <tr>
                    <th style="width: 22px" class="auto-style3">Div</th>
                    <th style="width: 180px" class="auto-style3">Club</th>
                    <th style="width: 125px" class="auto-style3">Last Name</th>
                    <th style="width: 129px" class="auto-style3">First Name</th>
                    <th style="width: 50px" class="auto-style3">Number</th>
                    <th style="width: 40px" class="auto-style3">View </th>
                    <th style="width: 40px" class="auto-style3">Edit </th>
                    <th style="width: 40px" class="auto-style3">Out</th>
                    <th style="width: 40px" class="auto-style3">In</th>
                    <th style="width: 40px" class="auto-style3">Badge</th>
                    <th style="width: 40px" class="auto-style3">Delete</th>
                </tr>
            </thead>
            <tbody>
                <?php
                while ($row = mysql_fetch_array($result)) {
                    ?>
                    <tr>
                        <td class="auto-style1" style="width: 22px"><?= $row['division'] ?></td>
                        <td class="auto-style5" style="width: 180px"><?= $row['club'] ?></td>
                        <td class="auto-style5" style="width: 125px"><?= $row['lname'] ?></td>
                        <td class="auto-style5" style="width: 129px"><?= $row['fname'] ?></td>
                        <td class="auto-style5" style="width: 50px"><?= $row['roster_number'] ?></td>
                        <td class="dataTables_empty" style="width: 40px"><a href=player_verification.php?id=$row[id]>
                        <img src="images/icons/view.png" height="30" width="30" border="0" class="auto-style4"/></a></td>
                        <td class="dataTables_empty" style="width: 40px"><a href=edit_player.php?id=$row[id]>
                        <img src="images/edit.png" height="30" width="30" border="0" class="auto-style4"/></a></td>
                        <td class="dataTables_empty" style="width: 40px"><a href=check_out.php?id=$row[id]>
                        <img src="images/checkout.png" height="30" width="30" border="0" class="auto-style4"/></a></td>
                        <td class="dataTables_empty" style="width: 40px"><a href=check_in.php?id=$row[id]>
                        <img src="images/checkin.png" height="40" width="40" border="0" class="auto-style4"/></a></td>
                        <td class="dataTables_empty" style="width: 40px"><a href=make_badge.php?id=$row[id]>
                        <img src="images/badge.png" height="40" width="40" border="0" class="auto-style4"/></a></td>
                        <td class="auto-style2" style="width: 40px"><a href=delete.php?id=$row[id]>
                        <img src="images/delete.gif" height="30" width="30" border="0" class="auto-style4"/></a></td>
                    </tr>
                    <?php
                }
                ?>
            </tbody>
        </table>
    </div>
    </div>
</body>
</html>

My problem now is that when I click any of the links in the search results, they do not pass the id to the next page. The URL now shows

http://localhost/fb/player_verification.php?id=$row[id]

instead of this

http://localhost/fb/player_verification.php?id=139

like it did before. What am I doing wrong?
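The search query in the question is assembled by string concatenation with `mysql_real_escape_string`. The `mysql_*` extension was deprecated in PHP 5.5 and removed in PHP 7.0, so the same optional club/division/lname filter is shown here with PDO prepared statements. This is an added example for PHP 7 or later, not the poster's code; it assumes a `players` table with those columns, a placeholder DSN and credentials, that the form submits with GET (the original reads `$_REQUEST`, which also merges POST and cookie values), and that the table name in `$SETTINGS['data_table']` is checked against a fixed list because an identifier cannot be bound as a parameter.

```php
<?php
// Added example, not the original poster's code. Assumes a `players` table
// with club, division and lname columns; DSN and credentials are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=xxx;charset=utf8mb4', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

// The table name cannot be a bound parameter, so it is checked against a
// whitelist instead of being spliced in from $SETTINGS unchecked.
$allowedTables = ['players' => true, 'players_archive' => true];
$table = $SETTINGS['data_table'] ?? 'players';
if (!isset($allowedTables[$table])) {
    throw new RuntimeException('Unknown data table');
}

// Only the filters the user actually filled in are appended, and every value
// is bound, so quotes or comment sequences in the input never reach the SQL
// grammar. The column names come from this fixed list, not from the request.
$where  = ['1=1'];
$params = [];
foreach (['club', 'division', 'lname'] as $field) {
    $value = trim((string)($_GET[$field] ?? ''));
    if ($value !== '') {
        $where[]           = "`$field` = :$field";
        $params[":$field"] = $value;
    }
}

$stmt = $pdo->prepare(
    "SELECT * FROM `$table` WHERE " . implode(' AND ', $where) . ' ORDER BY id'
);
$stmt->execute($params);

foreach ($stmt as $row) {
    // The id is cast to int and text is HTML-escaped before it reaches the page.
    echo (int)$row['id'], ' ', htmlspecialchars($row['lname'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With the filters built this way the three-field branch in the original (which repeats each condition twice when all three are present) collapses into the one loop, and the query text sent to the server is the same regardless of what the user typed.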


1 Answer


This is not parsed as PHP, but as plain text.

<a href=player_verification.php?id=$row[id]>

Change all the URLs to something like

<a href="player_verification.php?id=<?php echo $row['id']; ?>">

answered 2013-08-11T21:37:40.913
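Once the id is actually echoed, the next thing a reviewer would check is what else reaches the page unescaped: every `$row[...]` value in the question's table is printed raw, and the delete action is a plain GET link. The following is an added example, not the answerer's code, showing one row rendered with a small escaping helper and an integer-cast id; the `$row` array is constructed sample data rather than a database result, and the icon paths are taken from the question. It relies on the `<?=` short echo tag, which is always available from PHP 5.4 onward; on older installs with `short_open_tag` off, `<?=` is emitted literally, exactly like the `$row[id]` in the question.

```php
<?php
// Added example, not the answerer's code. $row is constructed sample data.
function h($value)
{
    // Escape for an HTML text or attribute context.
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

function player_link($page, array $row, $icon)
{
    // The cast guarantees a bare integer in the URL whatever the column holds;
    // $page and $icon are fixed strings chosen by the caller, never user input.
    $id = (int)$row['id'];
    return '<a href="' . h($page) . '?id=' . $id . '">'
         . '<img src="' . h($icon) . '" height="30" width="30" alt="" /></a>';
}

// Constructed sample row; the lname shows why escaping matters.
$row = [
    'id'            => 139,
    'division'      => 'U12',
    'club'          => 'Elite FC',
    'lname'         => "O'Brien <b>",
    'fname'         => 'Sam',
    'roster_number' => 7,
];
?>
<tr>
    <td><?= h($row['division']) ?></td>
    <td><?= h($row['club']) ?></td>
    <td><?= h($row['lname']) ?></td>
    <td><?= h($row['fname']) ?></td>
    <td><?= h($row['roster_number']) ?></td>
    <td><?= player_link('player_verification.php', $row, 'images/icons/view.png') ?></td>
    <td><?= player_link('edit_player.php', $row, 'images/edit.png') ?></td>
    <td><?= player_link('check_out.php', $row, 'images/checkout.png') ?></td>
    <td><?= player_link('check_in.php', $row, 'images/checkin.png') ?></td>
    <td><?= player_link('make_badge.php', $row, 'images/badge.png') ?></td>
</tr>
```

The delete column is left out on purpose: a link to `delete.php?id=139` performs a state change on a GET request, which a link prefetcher or an `<img>` tag on any other page can trigger, so that action belongs in a POST form carrying a per-session token rather than in a hyperlink.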