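I am working on an assignment that requires me to select a "slip_id" from 3aStudent_slip.php and pass it to 4aservice_request.php, populating the table that is being built in the PHP code. I have not had any PHP classes, so I am really struggling to understand why it is not pulling anything from "ProgrammingDatabase" on the server.
Here is the code being used...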
<?php
require_once('auth.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Service Requests</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="innerWrapper">
<h1>Service request by <?php echo $_SESSION['SESS_FIRST_NAME'];?></h1>
<a href="index.php">Login Page</a> |
<a href="amenu.php">Menu Page</a> |
<a href="logout.php">Logout</a>
<?php
$slip_id = strtoupper($_POST['slip_id']);
echo("<h2>Services for Slip ID $slip_id</h2>");
//Verify Password
$vlogin=$_SESSION['vlogin'];
$vpassword=$_SESSION['vpasswd'];
//Connection String
$con=mysql_connect("localhost", $vlogin, $vpasswd);
if(!$con)
{
die("Could not connect".mysql_error());
}
//Select Database
mysql_select_db("ProgrammingDatabase", $con);
//The actual SQL code goes below into the structured variable $result
$result=mysql_query("SELECT * FROM service_request");
//Constructing the table and column names
echo "<table border='1'>
<tr>
<th>Service ID</th>
<th>Description</th>
</tr>";
//Looping until there are no more records from $result
//If there are records, print the column for that row
//do the while loop below with the variables from $result
while($row=mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>".$row['service_id']."</td>";
echo "<td>".$row['description']."</td>";
echo "</tr>";
}
echo "</table>";
//Close the SQL connection string
mysql_close($con);
?>
<br />
<form action="a4Services_Student.php " method="post">
<br />
</form>
</div>
</body>
</html>
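As some comments have already pointed out, the functions you are using are not safe and are also deprecated. The best approach is to use PDO. I have an example here https://snippetbox.xyz/5c3db100112bca204643/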
<?php
/** How to get information out of a database securely **/
$id = 6; // example value
// placeholder credentials; replace with your own
$username = 'dbUser';
$password = 'dbPassword';
// connect to the MySQL database using PDO
$conn = new PDO('mysql:host=localhost;dbname=someDatabase', $username, $password);
$query = "SELECT * FROM myTable WHERE id = :id";
// prepare the statement to avoid SQL injection
$stmt = $conn->prepare($query);
// bind the variable to the :id placeholder and execute
$stmt->execute(array('id' => $id));
// fetch the results as objects
$rows = $stmt->fetchAll(PDO::FETCH_OBJ);
// loop through all the rows
foreach ($rows as $row) {
    // use each result here
    // example
    // echo $row->value;
}
?>
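The PDO approach from the answer, applied to the page in the question. This is an added example, not code from the asker or the answerer: the posted slip ID is validated, bound as a parameter and HTML-escaped on output. The slip_id column on service_request, the ID format, the renderServices() and h() helpers and the in-memory SQLite sample rows are assumptions made so it runs without a server.

```php
<?php
// Added example. Assumptions: service_request has a slip_id column, and slip IDs
// are short alphanumeric strings. renderServices() and h() are hypothetical helpers.

// Escape a value for HTML output so stored or posted markup is shown as text.
function h($v): string {
    return htmlspecialchars((string)$v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderServices(PDO $conn, string $rawSlipId): string {
    // Normalise as the original page does, then validate the shape.
    $slipId = strtoupper(trim($rawSlipId));
    if (!preg_match('/^[A-Z0-9]{1,10}$/', $slipId)) {   // assumed ID format
        return '<p>Invalid slip ID</p>';
    }
    // The value is bound as a parameter and never concatenated into the SQL text.
    $stmt = $conn->prepare(
        'SELECT service_id, description FROM service_request WHERE slip_id = :slip_id'
    );
    $stmt->execute(['slip_id' => $slipId]);

    $html = '<h2>Services for Slip ID ' . h($slipId) . '</h2>'
          . "<table border='1'><tr><th>Service ID</th><th>Description</th></tr>";
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= '<tr><td>' . h($row['service_id']) . '</td><td>'
               . h($row['description']) . '</td></tr>';
    }
    return $html . '</table>';
}

// Constructed sample data in an in-memory SQLite database.
// On the page from the question the connection would instead be
//   new PDO('mysql:host=localhost;dbname=ProgrammingDatabase', $vlogin, $vpasswd)
// with $vpasswd being the same variable that was read from the session.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$conn->exec('CREATE TABLE service_request (service_id INTEGER, slip_id TEXT, description TEXT)');
$ins = $conn->prepare('INSERT INTO service_request VALUES (?, ?, ?)');
$ins->execute([1, 'A12', 'Pump out <bilge>']);   // markup in data gets escaped
$ins->execute([2, 'B07', 'Hull cleaning']);

echo renderServices($conn, 'a12'), "\n";              // one row, description escaped
echo renderServices($conn, "a12' OR '1'='1"), "\n";   // rejected by the format check
```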