1. 首頁
  2. 問答
  3. 如何在每行上添加查看按鈕以查看該特定名稱的詳細信息

如何在每行上添加查看按鈕以查看該特定名稱的詳細信息

2015-06-09 41 views
-2

在此,我想在每一行中添加一個查看按鈕。所以,當我點擊查看按鈕時,它會轉到那個特定的人並顯示他的細節。如何在每行上添加查看按鈕以查看該特定名稱的詳細信息

這裏是我的代碼:(的index.php)

<?php 
include 'DBConfig.php'; 
//Insert or Update contact information 
if(isset($_POST['action_type'])) 
{ 
    if ($_POST['action_type'] == 'add' or $_POST['action_type'] == 'edit') 
    { 
     //Sanitize the data and assign to variables 
     $contact_id = mysqli_real_escape_string($link, strip_tags($_POST['ContactID'])); 
     $fname = mysqli_real_escape_string($link, strip_tags($_POST['fname'])); 
     $lname = mysqli_real_escape_string($link, strip_tags($_POST['lname'])); 
     $contact_no = mysqli_real_escape_string($link, strip_tags($_POST['ContactNo'])); 
     $Address = mysqli_real_escape_string($link, strip_tags($_POST['Address'])); 


     if ($_POST['action_type'] == 'add') 
     { 
      $sql = "insert into tblcontact set 
        first_name = '$fname', 
        last_name = '$lname', 
        contact_no = '$contact_no', 
        address = '$Address'"; 

     }else{ 
      $sql = "update tblcontact set 
        first_name = '$fname', 
        last_name = '$lname', 
        contact_no = '$contact_no', 
        address = '$Address', 
        where contact_id = $contact_id"; 
     } 


     if (!mysqli_query($link, $sql)) 
     { 
      echo 'Error Saving Data. ' . mysqli_error($link); 
      exit(); 
     } 
    } 
    header('Location: contactlist.php'); 
    exit(); 
} 
//End Insert or Update contact information 

//Start of edit contact read 
$gresult = ''; //declare global variable 
if(isset($_POST["action"]) and $_POST["action"]=="edit"){ 
    $id = (isset($_POST["ci"])? $_POST["ci"] : ''); 
    $sql = "select contact_id, first_name, last_name, 
      contact_no,address from tblcontact 
      where contact_id = $id"; 

    $result = mysqli_query($link, $sql); 

    if(!$result) 
    { 
     echo mysqli_error($link); 
     exit(); 
    } 

    $gresult = mysqli_fetch_array($result); 

    include 'update.php'; 
    exit(); 
} 
//end of edit contact read 

//Start Delete Contact 
if(isset($_POST["action"]) and $_POST["action"]=="delete"){ 
    $id = (isset($_POST["ci"])? $_POST["ci"] : ''); 
    $sql = "delete from tblcontact 
      where contact_id = $id"; 

    $result = mysqli_query($link, $sql); 

    if(!$result) 
    { 
     echo mysqli_error($link); 
     exit(); 
    } 

} 
//End Delete Contact 

//Read contact information from database 
$sql = "select contact_id, CONCAT(first_name,' ' , last_name) as contact_name, 
     contact_no, address from tblcontact"; 

$result = mysqli_query($link, $sql); 

if(!$result) 
{ 
    echo mysqli_error($link); 
    exit(); 
} 

$contact_list = array(); 
//Loo through each row on array and store the data to $contact_list[] 
while($rows = mysqli_fetch_array($result)) 
{ 
    $contact_list[] = array('contact_id' => $rows['contact_id'], 
          'contact_name' => $rows['contact_name'], 
          'contact_no' => $rows['contact_no'], 
          'address' => $rows['address']); 

} 
include 'contactlist.php'; 
exit(); 
?>

來源

2015-06-09 Anchal Koul

+1

SO是不是免費的代碼編寫服務,你至少應該表現出一定的努力而實現這一 – Viral

+0

那你嘗試做了什麼?請注意,使用SQL的PDO擴展將更容易,因爲您不必轉義特殊字符 – Sw4Tish

回答

0

它必須是在你的contactlist.php

在那裏,foreach()循環內,加這個。

例:

foreach($contact_list as $contact){ 
    echo '<td>'.$contact['contact_id'].'</td>'; 
    echo '<td>'.$contact['contact_name'].'</td>'; 
    echo '<td>'.$contact['contact_no'].'</td>'; 
    echo '<td>'.$contact['address'].'</td>'; 
    echo '<td><a href="action.php?id='.$contact['contact_id'].'">Action</a></td>'; 
}

注意這一行:

echo '<td><a href="action.php?id='.$contact['contact_id'].'">Action</a></td>';

來源

2015-06-09 09:47:28

+0

此代碼容易受到XSS注入的影響 - 請記住在呈現受用戶干擾的值時轉義HTML實體。 – halfer

+0

@halfer這些來自數據庫......我相信在將數據插入到數據庫之前應該對數據進行清理。 –

+0

不,一般來說這是錯誤的地方 - 因爲它是一個輸出問題,它通常被認爲是在輸出上修復的東西。另外,如果您改變主意並將字段轉換爲(安全)HTML格式存儲,則必須重寫字段,前提是您已將其轉換爲實體(或將其再次轉換爲實體)。 – halfer

相關問題

 相關問題