I have created a bus route search function. When I search from the starting bus stop to the end bus stop, I get no results from the bus route database.
<!DOCTYPE html>
<html>
<head>
<title>Search</title>
</head>
<body>
Enter info below:
<br />
<form action='routes.php' method='get'>
Start Destination:
<select name="start">
<option value="StopA">Stop A</option>
</select>
<br />
End Destination:
<select name="stop">
<option value="StopZ">Stop Z</option>
</select>
<br />
Departing between (start):
<select name="start_time">
<option value="13:40">13:40</option>
<option value="13:45">13:45</option>
<option value="13:50">13:50</option>
<option value="13:55">13:55</option>
</select>
<br />
Departing between (end):
<select name="end_time">
<option value="13:40">13:40</option>
<option value="13:45">13:45</option>
<option value="13:50">13:50</option>
<option value="13:55">13:55</option>
</select>
<input type="submit" value="Submit">
</form>
</body>
</html>
and the "routes" page, which connects to my database:
<?php
// Connection details left blank here; host, user and password go in mysql_connect().
mysql_connect('', '', '');

// Values come straight from the search form's GET parameters.
$start      = $_GET['start'];
$stop       = $_GET['stop'];
$start_time = $_GET['start_time'];
$end_time   = $_GET['end_time'];

$query = mysql_query("SELECT * FROM searchengine.times where STOP_1 = '$start' and STOP_7 = '$stop' and time(time) between '$start_time' and '$end_time'") or die(mysql_error());

// One header cell per column the loop below prints (time, route, stops 1-7).
echo "<table border='1'>";
echo "<tr> <th>Departure Time</th> <th>Route No.</th> <th>Stop 1</th> <th>Stop 2</th> <th>Stop 3</th> <th>Stop 4</th> <th>Stop 5</th> <th>Stop 6</th> <th>Stop 7</th> </tr>";

while ($row = mysql_fetch_array($query))
{
    echo "<tr><td>";
    echo $row['time'];
    echo "</td><td>";
    echo $row['route_no'];
    echo "</td><td>";
    echo $row['STOP_1'];
    echo "</td><td>";
    echo $row['STOP_2'];
    echo "</td><td>";
    echo $row['STOP_3'];
    echo "</td><td>";
    echo $row['STOP_4'];
    echo "</td><td>";
    echo $row['STOP_5'];
    echo "</td><td>";
    echo $row['STOP_6'];
    echo "</td><td>";
    echo $row['STOP_7'];
    // Close the last cell and the row only once, after the final column.
    echo "</td></tr>";
}
echo "</table>";
?>
I created an index page.
My database looks like this:
time(PM) STOP_1 STOP_2 STOP_3 STOP_4 STOP_5 STOP_6 STOP_7 route_no.
13:00
13:20
13:40
14:00
Is this correct? Can anyone see where the problem is with my code? If anyone has any suggestions on how to do this better, I would be very grateful.
Kind regards, 重點
Note the keyword used: you have a SQL injection security problem. The input you use is always unsafe, and you put it into the SQL string unchecked. Make sure you understand SQL injection before you put this on a public server. – Meier
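The comment above concerns the `$_GET` values being pasted directly into the SQL string. The following is an added example, not the asker's or Meier's code: the routes.php query rewritten with PDO prepared statements, so the input travels as bound data rather than as part of the query text. It assumes the `searchengine.times` table and column names from the question; the DSN, user and password are placeholders.

```php
<?php
// Added example: routes.php with bound parameters instead of string interpolation.
// Host, user and password are placeholders; the schema is the one from the question.
$pdo = new PDO(
    'mysql:host=localhost;dbname=searchengine;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

$start      = $_GET['start']      ?? '';
$stop       = $_GET['stop']       ?? '';
$start_time = $_GET['start_time'] ?? '';
$end_time   = $_GET['end_time']   ?? '';

// Cheap shape check on the time fields: the form only ever sends HH:MM.
// Anything else is rejected before a query is made at all.
foreach ([$start_time, $end_time] as $t) {
    if (!preg_match('/^\d{2}:\d{2}$/', $t)) {
        http_response_code(400);
        exit('Invalid time parameter');
    }
}

// Named placeholders: the SQL text is fixed; quotes or keywords in the
// input are sent as a value and cannot alter the statement.
$sql = 'SELECT time, route_no, STOP_1, STOP_2, STOP_3, STOP_4, STOP_5, STOP_6, STOP_7
        FROM times
        WHERE STOP_1 = :start AND STOP_7 = :stop
          AND TIME(time) BETWEEN :start_time AND :end_time';
$stmt = $pdo->prepare($sql);
$stmt->execute([
    ':start' => $start, ':stop' => $stop,
    ':start_time' => $start_time, ':end_time' => $end_time,
]);

$cols = ['time', 'route_no', 'STOP_1', 'STOP_2', 'STOP_3', 'STOP_4', 'STOP_5', 'STOP_6', 'STOP_7'];
echo "<table border='1'><tr><th>Departure Time</th><th>Route No.</th>";
for ($i = 1; $i <= 7; $i++) {
    echo "<th>Stop $i</th>";
}
echo '</tr>';
foreach ($stmt as $row) {
    echo '<tr>';
    foreach ($cols as $col) {
        // Escape on output so a stored value is shown as text, not interpreted as HTML.
        echo '<td>', htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8'), '</td>';
    }
    echo '</tr>';
}
echo '</table>';
```

With `ATTR_ERRMODE` set to exceptions, a failed query throws instead of silently returning an empty result set, which also makes the "no results" case easier to tell apart from a query error.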