2013-05-26 42 views
0

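I am currently trying to get two pieces of data from two different tables and display them in an "edit"-type format.

I can display either the "incident" or the "location" by using the $_GET[id] variable as a way to reference them by the incidentID primary key. I have thought about setting up my database auto sequences so that incident and location are in sync, but that is not a real solution.

How can I use the $_GET[id] variable to call two different tables?

The code is below. As a side note, I know my SQL is open to injection and that I should be slapped for not using PDO.

I can add the database structure if that would help at all, but I would rather leave the database structure where it currently is.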

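First, searching the data:

<?php
include dirname(__FILE__) . '\connection.php';

$search_output = ""; // initialise so the .= and the echo below never hit an undefined variable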

// Process the search query 
if(isset($_POST['searchquery']) && $_POST['searchquery'] != ""){ 
// run code if condition meets here 
    $searchquery = preg_replace('#[^a-z 0-9?]#i', '', $_POST['searchquery']); 
    if($_POST['filter1'] == "0"){ 
     $sqlCommand = "SELECT * FROM `incident` WHERE `iTypeID` = 0 AND `disasterName` LIKE '%$searchquery%'"; 
    }else if($_POST['filter1'] == "1"){ 
     $sqlCommand = "SELECT incidentID, dangerLevel FROM `incident` WHERE `iTypeID` = 1 AND `disasterName` LIKE '%$searchquery%'"; 
    }else if($_POST['filter1'] == "2"){ 
     $sqlCommand = "SELECT incidentID, dangerLevel FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'"; 
    }else if($_POST['filter1'] == "3"){ 
     $sqlCommand = "SELECT incidentID, dangerLevel FROM `incident` WHERE `iTypeID` = 3 AND `disasterName` LIKE '%$searchquery%'"; 
    }else if($_POST['filter1'] == "4"){ 
     $sqlCommand = "SELECT incidentID, dangerLevel FROM `incident` WHERE `iTypeID` = 4 AND `disasterName` LIKE '%$searchquery%'"; 
    }else if($_POST['filter1'] == "5"){ 
     $sqlCommand = "SELECT incidentID, dangerLevel FROM `incident` WHERE `iTypeID` = 5 AND `disasterName` LIKE '%$searchquery%'"; 
    }else if($_POST['filter1'] == "6"){ 
     $sqlCommand = "SELECT incidentID, dangerLevel FROM `incident` WHERE `iTypeID` = 6 AND `disasterName` LIKE '%$searchquery%'"; 
    }else if($_POST['filter1'] == "7"){ 
     $sqlCommand = "SELECT incidentID, dangerLevel FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'"; 
    } 
    $query = mysql_query($sqlCommand) or die(mysql_error()); 
    $count = mysql_num_rows($query); 


    if($count >= 1){ 
     while($row = mysql_fetch_array($query)){ 
      $incidentID = $row["incidentID"]; 
      $dangerLevel =$row["dangerLevel"]; 
      $search_output .= "Item ID: <br> $incidentID <br> Danger Level: <br> $dangerLevel<br/> 
      <a href=\"modify_incident.php?id=" . $row['incidentID'] . "\">Modify Entry</a> 
      <span> </span> 
      <a href=\"delete_incident.php?id=" . $row['incidentID'] . "\">Delete Entry</a> <br /><br />";   

     } // close while 
    } else { 


    } 
} 
?> 

<html> 
<head> 
</head> 
<body> 
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
<fieldset> 
<legend>Incident Search Form</legend> 
<p><label>Search a Disaster (by name): <input name="searchquery" type="text"></label></p> 
<p><label>Search by Type <select name="filter1"> 
<option value="0">None</option> 
<option value="1">Fire</option> 
<option value="2">Flood</option> 
<option value="3">Hurricane</option> 
<option value="4">Tropical Storm</option> 
<option value="5">LandSlide</option> 
<option value="6">Biological Outbreak</option> 
</select></label></p> 
</fieldset> 
<input name="myBtn" type="submit"> 
<br /> 
<br /> 
<div> 
<?php echo $search_output; ?> 
</div> 
</form> 
</body> 
</html> 

Modifying the data after the search:

<?php
include dirname(__FILE__) . '\connection.php';

if(!isset($_POST['submit'])){ 
     $q = "SELECT * FROM incident WHERE incidentID = $_GET[id]"; 
     $ql = "SELECT * FROM location where locationID = $_GET[id]"; 
     $results = mysql_query($q); 
     $incident = mysql_fetch_array($results); 
     $results2 = mysql_query($ql); 
     $incident2 = mysql_fetch_array($results2); 
    } 
?> 
<html> 
<head> 
</head> 
<body> 
<h1>You are Modifying an Incident</h1> 
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
    <fieldset> 
    <legend>Incident</legend> 
    <p><label>Disaster Name: <input type="text" name ="inputIncident" value = "<?php echo $incident['disasterName']; ?>" placeholder = "SampleTree Fire" /></label></p> 
    <p><label>Disaster Description: <input type="text" name ="inputDescription" value = "<?php echo $incident['description']; ?>" placeholder = "Large Forest fire near" /></label></p> 
    <p><label>Time of Incident: <input type="time" name ="inputTime" value = "<?php echo $incident['time']; ?>" placeholder = "hh:mm:ss"/></label></p> 
    <p><label>Date of Incident: <input type="date" name ="inputDate" value = "<?php echo $incident['date']; ?>" placeholder = "yyyy/mm/dd"/></label></p> 
    <p><label>Danger of Incident: <input type="number" name ="inputdangerLevel" placeholder = "1-10" value = "<?php echo $incident['dangerLevel']; ?>" /></label></p> 
    <p><label for ="type">Select Disaster Type:</label> 
     <select id="type" name="type" value = "<?php echo $incident['iTypeID']; ?>"> 
     <option value="0">None</option> 
     <option value="1">Fire</option> 
     <option value="2">Flood</option> 
     <option value="3">Hurricane</option> 
     <option value="4">Tropical Storm</option> 
     <option value="5">LandSlide</option> 
     <option value="6">Biological Outbreak</option> 
     </select></p> 
    </fieldset> 
    <fieldset> 
    <legend>Location</legend> 
    <p><label>Street Name:<input type="text" name ="inputStreet" value = "<?php echo $incident2['streetName']; ?>" placeholder = "Avalon Place" /></label></p> 
    <p><label>Street Number:<input type="number" name ="inputNumber" value = "<?php echo $incident2['streetNumber']; ?>" placeholder = "9" /></label></p> 
    <p><label>Suburb:<input type="text" name ="inputSuburb" value = "<?php echo $incident2['suburb']; ?>" placeholder = "Upper Kedron" /></label></p> 
    <p><label>Postcode:<input type="text" name ="inputPostCode" value = "<?php echo $incident2['postCode']; ?>" placeholder = "4055" /></label></p> 
    <p><label>Region:<input type="number" name ="inputRegion" value = "<?php echo $incident2['region']; ?>" placeholder = "4" /></label></p> 
    <p><label>Latitude:<input type="text" name ="inputLattitude" value = "<?php echo $incident2['mapLat']; ?>" placeholder = "136.10" /></label></p> 
    <p><label>Longitude:<input type="text" name ="inputLongitude" value = "<?php echo $incident2['mapLon']; ?>" placeholder = "182.86" /></label></p> 
    <p><label for ="state">State:</label> 
     <select id="state" name="state" value = "<?php echo $incident2['state']; ?>"> 
     <option value="QLD">QLD</option> 
     <option value="NSW">NSW</option> 
     <option value="NT">NT</option> 
     <option value="ACT">ACT</option> 
     <option value="SA">SA</option> 
     <option value="WA">WA</option> 
     <option value="TAS">TAS</option> 
     </select></p> 
    </fieldset> 

    <br/> 
    <input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/> 
    <!--<input type="hidden" name="id2" value="<?php echo $_GET['id'];?>"/>--> 
    <input type="submit" name="submit" value="modify"/> 
</form> 
</body> 
</html> 
<?php 
if(isset($_POST['submit'])){ 
    $u = "UPDATE incident SET `disasterName`='$_POST[inputIncident]', 
    `description`='$_POST[inputDescription]', 
    `time`='$_POST[inputTime]', 
    `date`='$_POST[inputDate]', 
    `dangerLevel`='$_POST[inputdangerLevel]', 
    `iTypeID`='$_POST[type]' 
    WHERE incidentID = $_POST[id]"; 

    $ul = "UPDATE location SET `streetName`='$_POST[inputStreet]', 
    `streetNumber`='$_POST[inputNumber]', 
    `suburb`='$_POST[inputSuburb]', 
    `postCode`='$_POST[inputPostCode]', 
    `region`='$_POST[inputRegion]', 
    `mapLat`='$_POST[inputLattitude]', 
    `mapLon`='$_POST[inputLongitude]', 
    `state`='$_POST[state]' 
    WHERE locationID = $_POST[id]"; 


    mysql_query($u) or die (mysql_error()); 
    mysql_query($ul) or die (mysql_error()); 

    echo "User has been modified!"; 
    header ('Location: output.php'); 
} else{ 
} 
?> 

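Incident

| Column | Type | Null | Default | Links to |
|---|---|---|---|---|
| incidentID | int(15) | No | | |
| dangerLevel | int(2) | No | | |
| description | varchar(250) | No | | |
| time | time | No | | |
| date | date | No | | |
| isresolved | tinyint(1) | No | | |
| locationID | int(11) | No | | location -> locationID |
| isPublic | tinyint(1) | No | | |
| iTypeID | int(11) | No | | itype -> iTypeID |
| disasterName | text | No | | |

Location

| Column | Type | Null | Default |
|---|---|---|---|
| locationID | int(10) | No | |
| postCode | int(4) | No | |
| region | text | No | |
| state | text | No | |
| mapLat | float | No | |
| mapLon | float | No | |
| streetNumber | int(11) | No | |
| streetName | text | No | |
| suburb | text | No | |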

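I think I may find a different way to do this, but I still need a small hand doing it: how would one extend this so that $row["incidentID"] and $row["locationID"] are assigned to id and id2?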

<a href=\"modify_incident.php?id=" . $row['incidentID'] . "\">Modify Entry</a> 
+3

Your script is vulnerable to SQL injection. You should definitely [fix that](http://stackoverflow.com/q/60174/53114). – Gumbo

Answers

0

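If this is a 1:M relationship (one location can have many incidents), you'll want to join the tables together:

SELECT * FROM incident i, location l WHERE i.id = ? AND i.location_id = l.id

Each row will have the columns from both the incident and the corresponding location.

Edit:

You can update the location via the incident ID using an update join: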

update location l 
join incident i on i.location_id = l.id 
set l.city = ? 
where i.id = ? 

(You could also combine the 2 tables into one, if this is a 1:1 relationship where each incident has a unique location.)

+0

I know this is the correct way to do it, but let's say it's modify_incident.php?id=62, is there a way to make it modify_incident.php?id_1=62,id_2=29 –
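
The join suggested in the answer, written against the column names from the question's schema and with PDO prepared statements in place of the concatenated `mysql_*` queries. This is an added example, not code from the original post or its answer. It assumes an in-memory SQLite database standing in for MySQL so that it runs offline; `loadIncident` and `saveIncident` are hypothetical helper names.

```php
<?php
// Added example. SQLite in memory stands in for the page's MySQL database so the
// script runs offline (needs pdo_sqlite); the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE location (locationID INTEGER PRIMARY KEY, streetName TEXT, suburb TEXT)");
$pdo->exec("CREATE TABLE incident (incidentID INTEGER PRIMARY KEY, disasterName TEXT,
            dangerLevel INTEGER, locationID INTEGER)");
$pdo->exec("INSERT INTO location VALUES (29, 'Avalon Place', 'Upper Kedron')");
$pdo->exec("INSERT INTO incident VALUES (62, 'SampleTree Fire', 7, 29)");

// One id in the URL is enough: the join follows incident.locationID.
function loadIncident(PDO $pdo, $rawId) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);      // "62 OR 1=1" is rejected here
    if ($id === false) return null;
    $stmt = $pdo->prepare(
        "SELECT i.incidentID, i.disasterName, i.dangerLevel, l.locationID, l.streetName, l.suburb
           FROM incident i JOIN location l ON l.locationID = i.locationID
          WHERE i.incidentID = :id");
    $stmt->execute([':id' => $id]);                      // bound, never concatenated
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Update both tables atomically; the location row is located through the
// incident's foreign key, so the form never has to carry a second id.
function saveIncident(PDO $pdo, $rawId, array $in) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) return false;
    $pdo->beginTransaction();
    try {
        $pdo->prepare("UPDATE incident SET disasterName = :n, dangerLevel = :d WHERE incidentID = :id")
            ->execute([':n' => $in['inputIncident'], ':d' => (int) $in['inputdangerLevel'], ':id' => $id]);
        $pdo->prepare("UPDATE location SET streetName = :s, suburb = :b WHERE locationID =
                         (SELECT locationID FROM incident WHERE incidentID = :id)")
            ->execute([':s' => $in['inputStreet'], ':b' => $in['inputSuburb'], ':id' => $id]);
        return $pdo->commit();
    } catch (PDOException $e) {
        $pdo->rollBack();
        return false;
    }
}

// Simulated requests (constructed): a normal edit, then a tampered id.
$post = ['inputIncident' => "O'Brien's Creek Flood", 'inputdangerLevel' => '9',
         'inputStreet' => 'Main Rd', 'inputSuburb' => 'The Gap'];
var_dump(saveIncident($pdo, '62', $post));
$row = loadIncident($pdo, '62');
echo htmlspecialchars($row['disasterName'], ENT_QUOTES), ' @ ', $row['streetName'], "\n";
var_dump(loadIncident($pdo, '62 OR 1=1'));
```

The subquery form of the location update is used because it runs on both MySQL and SQLite; on MySQL the `update ... join` from the answer is equivalent.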