1

我是使用 dhtmlx 调度程序的新手。我也想将共享事件与位置数据一起使用。但我做不到,下面是我的服务

<?php
    require_once('../common/connector/scheduler_connector.php');
    require_once('../common/config.php');

    $user_id = intval($_GET['user']);
    $location_id = 11;
    $scheduler = new schedulerConnector($res, $dbtype);
    function default_values($action){
        global $user_id;

        $event_type = $action->get_value("event_type");
        if ($event_type == "")
            $event_type = 0;

        $action->set_value("userId",$user_id);
            $action->set_value("locationId", $location_id");
    }
    $scheduler->event->attach("beforeProcessing","default_values");

    $scheduler->render_sql("select * from events_shared where userId = ".$user_id,"event_id","start_date,end_date,text,event_type,userId");
?>

$action->set_value("locationId", $location_id"); 是我从官方网站获得的现有示例代码中添加的唯一一行。我还在 events_shared 表中添加了一个列。

4

1 回答 1

1

您需要使用“ global ”关键字将“ $location_id ”导入“ function default_values ”范围:

function default_values($action){
  global $user_id, $location_id;

  $event_type = $action->get_value("event_type");
  if ($event_type == ""){
    $action->set_value("event_type",'0');
  }

  $action->set_value("userId",$user_id);
  $action->set_value("locationId", $location_id);
}

其次,您似乎在 $location_id 之后有未封闭的报价。它应该给你一个语法错误:

$action->set_value("locationId", $location_id");

如果要按“userId”列进行过滤,可以使用内置的 api 过滤或转义请求,然后再将它们插入到 sql 查询中。否则,您的查询将暴露于 sql 注入。不安全的实现:

$scheduler->render_sql("select * from events_shared where userId = ".$user_id,"event_id","start_date,end_date,text,event_type,userId");

安全实施:

$scheduler->filter("userId", $user_id);

$scheduler->render_table("events_shared","event_id","start_date,end_date,text,event_type,userId");

这段代码可能应该工作:

<?php
require_once('../common/connector/scheduler_connector.php');
require_once('../common/config.php');

$user_id = intval($_GET['user']);
$location_id = 11;
$scheduler = new schedulerConnector($res, $dbtype);
function default_values($action){
  global $user_id, $location_id;

  $event_type = $action->get_value("event_type");
  if ($event_type == ""){
    $action->set_value("event_type",'0');
  }

  $action->set_value("userId",$user_id);
  $action->set_value("locationId", $location_id);
}

$scheduler->event->attach("beforeProcessing","default_values");

$scheduler->filter("userId", $user_id);

$scheduler->render_table("events_shared","event_id","start_date,end_date,text,event_type,userId");
于 2014-03-19T08:26:39.737 回答