-2
我的PHP代碼就像下面這樣,它是一個程序化定製的框架,在這裏我們使用mysqli來獲得更好的SQL處理。由於這是一個非常小的項目,我們不使用OOP PHP。經過優化的PHP代碼
For $_GET we are using like this to get rid of SQL Injection
$FROM = mysqli_real_escape_string($conn, $_GET['From']);
但我並不滿足龐大的代碼如下面給出的,我需要更好的代碼編寫
和幾個基本安全或縮小。
<?php
error_reporting(E_ALL);
$FROM = '';
$TO = '';
$TYPE ='';
$bus_from = '';
$bus_to = '';
$type='';
$rowNumber = '';
$DATEPICK='';
$date_type='';
$displayBanner_error ='';
$busSearch_error = "<li>There is no Bus in our Database that you're searching for!</li>";
$FROM = mysqli_real_escape_string($conn, $_GET['From']);
$TO = mysqli_real_escape_string($conn, $_GET['To']);
$TYPE = mysqli_real_escape_string($conn, $_GET['bustype']);
$DATEPICK = $_GET['txtboxDate'];
$date_type = new DateTime($_GET['txtboxDate']);
$get_bus_details = mysqli_query($conn, "SELECT DISTINCT bus.*
, weekdays.*
, bus_notavailable.*
, weekday_time.*
, bus.bus_id
, bus.bus_name
, bus.bus_type
, bus.bus_seats
, bus.bus_arrivaltime
, bus.bus_departuretime
, bus.bus_startstation
, bus.bus_fare
, bus.bus_endstation
, bus.bus_availableseats
, bus.bus_reservedseats
, bus.bus_code
, weekdays.weekday_id
, weekdays.bus_id
, weekdays.monday
, weekdays.tuesday
, weekdays.wednesday
, weekdays.thursday
, weekdays.friday
, weekdays.saturday
, weekdays.sunday
, weekday_time.weekday_time_id
, weekday_time.bus_id
, weekday_time.monday_time
, weekday_time.tuesday_time
, weekday_time.wednesday_time
, weekday_time.thursday_time
, weekday_time.friday_time
, weekday_time.saturday_time
, weekday_time.sunday_time
, bus_notavailable.nodate_id
, bus_notavailable.bus_id
, bus_notavailable.bus_nodate
FROM
bus
INNER JOIN weekdays
ON bus.bus_id = weekdays.bus_id
INNER JOIN weekday_time
ON weekdays.bus_id = weekday_time.bus_id
INNER JOIN bus_notavailable
ON bus.bus_id = bus_notavailable.bus_id
WHERE
bus.bus_startstation = '$FROM'
AND bus.bus_endstation = '$TO'
AND bus.bus_type = '$TYPE'
ORDER BY
bus.bus_id ASC") or die($busSearch_error);
if(!empty($FROM) && !empty($TO))
{
$bus_from = $FROM;
$bus_to = $TO;
$type = $TYPE;
$i=1;
$row_color = 1;
// create while loop to fetch all data queried from the bus table
while($row = mysqli_fetch_array($get_bus_details))
{
// alternating row color
$row_color = 1 - $row_color;
// row number
$rowNumber = $i++;
// create some variables to assign bus data
$bus_id = $row['bus_id'];
$bus_name = $row['bus_name'];
$bus_type = $row['bus_type'];
$bus_seats = $row['bus_seats'];
$bus_arrivaltime = $row['bus_arrivaltime'];
$bus_departuretime = $row['bus_departuretime'];
$bus_startstation = $row['bus_startstation'];
$bus_fare = $row['bus_fare'];
$bus_endstation = $row['bus_endstation'];
$bus_availableseats = $row['bus_availableseats'];
$bus_reservedseats = $row['bus_reservedseats'];
$bus_code =$row['bus_code'];
$monday = $row['monday'];
$tuesday = $row['tuesday'];
$monday_time = $row['monday_time'];
echo
'<table cellpadding="0" cellspacing="0">'.
'<tr class="x">'.
'<td width="10%" >BUS NAME</td>'.
'<td width="10%">FROM</td>'.
'<td width="10%"> TO</td>'.
'<td width="10%">TOTAL SEATS</td>'.
'<td width="10%">AVAILABLE SEATS </td>'.
'<td width="10%">ARRIVAL TIME</td>'.
'<td width="10%">FARE</td>'.
'<td width="10%">BUS REG NO</td>'.
'<td width="10%">AVAILABLE DAYS</td>'.
'<td width="10%">AVAILABLE TIMES</td>'.
'<td width="10%">BUS TYPE</td>'.
'</tr>'.
'<tr class="y">'.
'<td>'.$bus_name.'</td>'.
'<td>'.$bus_startstation.'</td>'.
'<td>'.$bus_endstation.'</td>'.
'<td>'.$bus_seats.'</td>'.
'<td>'.$bus_availableseats.'</td>'.
'<td>'.$bus_arrivaltime.'</td>'.
'<td>'.$bus_fare.'</td>'.
'<td>'.$bus_code.'</td>'.
'<td>Keep Them in a Array and Display Here</td>'.
'<td>Keep Them in a Array and Display Here</td>'.
'<td>'.$bus_type.'</td>'.
'</tr>'.
'</table>';
}
echo $displayBanner_error;
}
?>
那麼你的問題是什麼? – bartlaarhoven
屬於codereview.stackexchange.com – FabienAndre
它可以用更好的方式寫入嗎? – Sashikant