我做了一個 PHP 頁面,從資料表的欄位中讀取數據。但是當我點擊 cmd=7 且 mode=測試 的鏈接時,頁面卻跳到 cmd=default。我該如何設置鏈接,讓它指向所需的頁面?如何讓頁面跳轉到所需的路徑?
這裏是我的代碼:
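/**
 * Builds the chart XML for the 31 calendar days ending today.
 *
 * The "mode" filter is read from $_GET['mode'], falling back to
 * $_POST['mode'] when the GET value is empty. Daily totals come from the
 * `transactions` table; days without a row are emitted with value 0.
 *
 * Changes compared to the original listing:
 *  - "mode" is request data, so it is bound as a statement parameter
 *    instead of being concatenated into the SQL text (SQL injection).
 *  - Database errors are written to the error log; the raw driver message
 *    is no longer printed to the client.
 *  - When the query returns no rows, every day is still emitted with
 *    value 0 (the original iterated over an undefined $res).
 *  - The database value is escaped before it is placed in an XML attribute.
 *
 * Terminates the script with die() when the statement cannot be prepared
 * or executed, as the original did on a failed query.
 *
 * @return string Chart XML with one <set> element per day.
 */
function default1(){
    // Only accept a plain string; an array-valued parameter (mode[]=x) is treated as empty.
    $mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';
    if ($mode == '') {
        $mode = (isset($_POST['mode']) && is_string($_POST['mode'])) ? $_POST['mode'] : '';
    }

    // The mode value travels as a bound parameter and never becomes part of the SQL text.
    $strQuery = "select DATE_FORMAT(transactions.transaction_date,'%m-%d-%Y') as transaction_date,sum(amount)as Amount from transactions where mode=? group by DATE_FORMAT(transactions.transaction_date,'%m-%d-%Y')";
    $mysqli = $GLOBALS['mysqli'];
    $stmt = $mysqli->prepare($strQuery);
    if (!$stmt) {
        error_log('default1: prepare failed: ' . $mysqli->error);
        die('Unable to load the transaction report.');
    }
    $stmt->bind_param('s', $mode);
    if (!$stmt->execute()) {
        error_log('default1: execute failed: ' . $stmt->error);
        die('Unable to load the transaction report.');
    }

    // Index the totals by their 'm-d-Y' date string for direct lookup per day.
    $amountByDate = array();
    $stmt->bind_result($transactionDate, $amount);
    while ($stmt->fetch()) {
        $amountByDate[$transactionDate] = $amount;
    }
    $stmt->close();

    $strXML = "<chart caption='Reports of transactions' xAxisName='Date' yAxisName='Amount' showValues='0' useRoundEdges='1' palette='3'>";

    // Step by calendar day rather than by 86400 seconds so a DST change cannot skip or repeat a date.
    $day = new DateTime('-30 days');
    for ($i = 0; $i <= 30; $i++) {
        $key = $day->format('m-d-Y');
        $value = array_key_exists($key, $amountByDate) ? $amountByDate[$key] : '0';
        $strXML .= "<set label='" . $day->format('M d') . "' value='" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "' />";
        $day->modify('+1 day');
    }

    $strXML .= "</chart>";
    return $strXML;
}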
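/**
 * Builds the chart XML for the 8 calendar days ending today ("Past 7 Days").
 *
 * The "mode" filter is read from $_GET['mode'], falling back to
 * $_POST['mode'] when the GET value is empty. Daily totals come from the
 * `transactions` table; days without a row are emitted with value 0.
 *
 * Changes compared to the original listing:
 *  - $mode was used in the query but never assigned (its assignment was
 *    commented out), so the filter was always empty; it is read from the
 *    request again.
 *  - "mode" is request data, so it is bound as a statement parameter
 *    instead of being concatenated into the SQL text (SQL injection).
 *  - A matching day appended to the previous day's <set> (".=") and so
 *    emitted that element twice; each day now yields exactly one <set>.
 *  - Database errors are written to the error log; the raw driver message
 *    is no longer printed to the client.
 *  - The database value is escaped before it is placed in an XML attribute.
 *
 * Terminates the script with die() when the statement cannot be prepared
 * or executed, as the original did on a failed query.
 *
 * @return string Chart XML with one <set> element per day.
 */
function past7days(){
    // Only accept a plain string; an array-valued parameter (mode[]=x) is treated as empty.
    $mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';
    if ($mode == '') {
        $mode = (isset($_POST['mode']) && is_string($_POST['mode'])) ? $_POST['mode'] : '';
    }

    // The mode value travels as a bound parameter and never becomes part of the SQL text.
    $strQuery = "select DATE_FORMAT(transactions.transaction_date,'%m-%d-%Y') as transaction_date,sum(amount)as Amount from transactions WHERE transaction_date BETWEEN DATE_SUB(CURDATE(), INTERVAL 7 DAY) AND CURDATE() and mode=? group by DATE_FORMAT(transactions.transaction_date,'%m-%d-%Y')";
    $mysqli = $GLOBALS['mysqli'];
    $stmt = $mysqli->prepare($strQuery);
    if (!$stmt) {
        error_log('past7days: prepare failed: ' . $mysqli->error);
        die('Unable to load the transaction report.');
    }
    $stmt->bind_param('s', $mode);
    if (!$stmt->execute()) {
        error_log('past7days: execute failed: ' . $stmt->error);
        die('Unable to load the transaction report.');
    }

    // Index the totals by their 'm-d-Y' date string for direct lookup per day.
    $amountByDate = array();
    $stmt->bind_result($transactionDate, $amount);
    while ($stmt->fetch()) {
        $amountByDate[$transactionDate] = $amount;
    }
    $stmt->close();

    $strXML = "<chart caption='Reports of transactions' xAxisName='Date' yAxisName='Amount' showValues='0' useRoundEdges='1' palette='3'>";

    // Step by calendar day rather than by 86400 seconds so a DST change cannot skip or repeat a date.
    $day = new DateTime('-7 days');
    for ($i = 0; $i <= 7; $i++) {
        $key = $day->format('m-d-Y');
        $value = array_key_exists($key, $amountByDate) ? $amountByDate[$key] : '0';
        $strXML .= "<set label='" . $day->format('M d') . "' value='" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "' />";
        $day->modify('+1 day');
    }

    $strXML .= "</chart>";
    return $strXML;
}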
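// Range selector, first entry: plain text when the default range is active,
// otherwise a link back to it. $startdate and $enddate are set outside this listing.
// Request values are read defensively: a missing or non-string parameter counts as empty.
$cmd = (isset($_GET['cmd']) && is_string($_GET['cmd'])) ? $_GET['cmd'] : '';
$modeParam = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';
if ($cmd == '' || $cmd == 'default')
{
?>
<?php echo date('M jS Y', strtotime($startdate)); ?> to <?php echo date('M jS Y', strtotime($enddate)); ?>
<?php
}
else
{
// "mode" is echoed into an href, so it is URL-encoded for the query string and
// HTML-escaped for the attribute; the original printed it raw (reflected XSS).
?>
<a href="/merchant/products/1/manage/reports?cmd=default&amp;mode=<?php echo htmlspecialchars(urlencode($modeParam), ENT_QUOTES, 'UTF-8'); ?>" style="text-decoration:none"><?php echo date('M jS Y', strtotime($startdate)); ?> to <?php echo date('M jS Y', strtotime($enddate)); ?></a>
<?php
}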
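// Range selector, second entry: plain text when "Past 7 Days" is active,
// otherwise a link that switches to it.
// Request values are read defensively: a missing or non-string parameter counts as empty.
$cmd = (isset($_GET['cmd']) && is_string($_GET['cmd'])) ? $_GET['cmd'] : '';
$modeParam = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';
if ($cmd == '7')
{
?>
<span style="margin-left:10px;">Past 7 Days</span>
<?php
}
else
{
// "mode" is echoed into an href, so it is URL-encoded for the query string and
// HTML-escaped for the attribute; the original printed it raw (reflected XSS).
?>
<a href="/merchant/products/1/manage/reports?cmd=7&amp;mode=<?php echo htmlspecialchars(urlencode($modeParam), ENT_QUOTES, 'UTF-8'); ?>" style="margin-left:10px; text-decoration:underline">Past 7 Days</a>
<?php
// NOTE(review): the listing on this page ends here; the closing brace of this else branch is not shown.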
您可以使用 `header("Location: your_desire_path");` –
你的代碼存在 SQL 注入漏洞(vulnerable to SQL injection),而且*遲早*會被濫用。神奇地將 'mysql_' 改爲 'mysqli_' 並不能解決這個問題。 – h2ooooooo