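I have many customers with the same first/last name. However, every customer has a specific id (OL_ID). My task is that when I click a customer's OL_ID in port.php, it should go to example.php and fetch that particular customer's information.
I tried the following code, but it does not work. It says "enter the correct OL_ID again!" for all IDs. I know there are some errors in example.php. I would appreciate it if someone could correct them.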
port.php
<?php
session_start();
//connect to DB
ini_set('display_errors', 0); //<- here you can switch on and off the error reporting 0 / 1
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$host = "localhost"; $username = "root"; $password = "mysqlr00tpa55";
try
{
$myconnection = new PDO("mysql:host=$host;dbname=myDB", $username, $password);
// set the PDO error mode to exception
$myconnection ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//ECHO "TEST";
if(isset($_POST['submit']))
{
$sql = 'SELECT * FROM OL_trans WHERE';
if (!empty($_POST['vorname']))
//First name
{
$sql .= ' vorname = ? AND ';
$params[] = $_POST['vorname'];
}
if (!empty($_POST['nachname']))
//Last name
{
$sql .= ' nachname = ? AND ';
$params[] = $_POST['nachname'];
}
if (!empty($_POST['email']))
//E-mail address
{
$sql .= ' email = ? AND ';
$params[] = $_POST['email'];
}
if (!empty($_POST['strasse']))
//Street
{
$sql .= ' strasse = ? AND ';
$params[] = $_POST['strasse'];
}
if ( !empty($_POST['ort']) )
//City
{
$sql .= ' ort= ? AND ';
$params[] = $_POST['ort'];
}
if ( !empty($_POST['plz']))
//Postal code
{
$sql .= ' plz= ? AND ';
$params[] = $_POST['plz'];
}
if ( !empty($_POST['telefon']))
//Phone number
{
$sql .= ' telefon=? AND ';
$params[] = $_POST['telefon'];
}
if( !empty($_POST['adrZus']))
//House number suffix
{
$sql .= ' adrZus=? AND ';
$params[] = $_POST['adrZus'];
}
if( !empty($_POST['hnr']))
//House number
{
$sql .= ' hnr=? AND ';
$params[] = $_POST['hnr'];
}
$sql = rtrim($sql, 'AND ');
$stmt = $myconnection->prepare($sql);
$stmt->execute($params);
$rows = $stmt->fetchAll();
foreach($rows as $row)
{
?>
<!DOCTYPE html>
<html>
<head>
<title>Data fetched</title>
</head>
<style>
body
{
background-image: url("background.gif");
color:white;
font-size:40px;
font-family:"times new roman", times, serif;
}
</style>
<body>
<br/><br/><table align="center" border="3px" style="width:75%; line-height:40px; background-color:#616263">
<tr>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Customer id</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Vorname</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Nachname</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Email Id</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Strasse</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Ort</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Plz</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Telefon</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Mobil</th>
</tr>
<tr align="center">
<td style="cursor: pointer;">
<a href="example.php"><?php echo $row['OL_ID']; ?></a></td>
<td><?php echo $row['vorname'];?></td>
<td><?php echo $row['nachname'];?></td>
<td><?php echo $row['email'];?></td>
<td><?php echo $row['strasse'];?></td>
<td><?php echo $row['ort'];?></td>
<td><?php echo $row['plz'];?></td>
<td><?php echo $row['mobil'];?></td>
</tr>
</table>
</body>
</html>
<?php
}
}else
{
echo"Enter the correct information again!";
}
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
?>
<html>
<head></head>
<style>
button[type=button1]
{
border-radius: 40px 10px 35px 8px;
width: 170px;height:60px;
padding-left: 3px;
color: white;
text-shadow: 2px 1px;
font-size: 28px;
background-color:rgba(238, 130, 7, 0.9);
font-weight:bolder;
}
button[type=button1]:hover
{
background-image: url("background.gif");
cursor: pointer;
color: white;
font-size:32px;
box-shadow:2px 5px;
}
</style>
<body>
<br/>
<button type="button1" onclick="goBack()"/>Zurück</button>
<script>
function goBack()
{
window.history.back();
}
</script>
</body>
</html>
Here is example.php:
When I click an OL_ID in port.php, it should fetch the customer information for the selected OL_ID.
<?php
//connect to DB
ini_set('display_errors', 1); //<- here you can switch on and off the error reporting 0 / 1 - makes life easy ;)
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
//echo $_POST['vorname'];
$debug=1;
$host = "localhost"; $username = "root"; $password = "mysqlr00tpa55";
try {
$myconnection = new PDO("mysql:host=$host;dbname=myDB", $username, $password);
// set the PDO error mode to exception
$myconnection ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if(isset($_POST['submit'])){
$num=$_POST['OL_ID'];
$statement = $myconnection->prepare("SELECT * FROM OL_trans WHERE OL_ID LIKE '$num' ");
$statement->execute();
$key = $statement->fetchall();
foreach($key as $value){ ?>
<!DOCTYPE html>
<html>
<head>
<title>Data fetched</title>
</head>
<style>
body{
background-image: url("background.gif");
color: white;
font-weight: bolder;
font-size: 40px;
font-family: sans-serif serif cursive;
padding-top: 105px; }
</style>
<body>
<br/><br/><table align="center" border="3px" style="width:70%; line-height:80px; background-color:#616261">
<tr>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Customer id</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Vorname</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Nachname</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Email Id</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Strasse</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Ort</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Plz</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Telefon</th>
<th style="color:rgba(238, 130, 7, 0.9); font-size:25px">Mobil</th>
</tr>
<tr align="center">
<td><?php echo $value['OL_ID']; ?></td>
<td><?php echo $value['vorname']; ?></td>
<td><?php echo $value['nachname']; ?></td>
<td><?php echo $value['email']; ?></td>
<td><?php echo $value['strasse']; ?></td>
<td><?php echo $value['ort']; ?></td>
<td><?php echo $value['plz']; ?></td>
<td><?php echo $value['telefon']; ?></td>
<td><?php echo $value['mobil']; ?></td>
</tr>
</table>
</body>
</html>
<?php
}
}
else{
echo "enter the correct OL_ID again!";
}
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
?>
<html>
<head></head>
<style>
button[type=button1]{
border-radius: 40px 10px 35px 8px;
width: 160px;height:55px;
padding-left: 3px;
color: white;
text-shadow: 2px 1px;
font-size: 28px;
background-color:rgba(238, 130, 7, 0.9);
font-weight:bolder;
}
button[type=button1]:hover{
background-image: url("background.gif");
cursor: pointer;
color: white;
font-size:32px;
box-shadow: 2px 5px;
}
</style>
<body>
<br/>
<button type="button1" onclick="goBack()"/>Zurück</button>
<script>
function goBack() {window.history.back();}
</script>
</body>
</html>
Answer 0 (score: 0)
First, you are missing the question mark (and the parameter name) in port.php. Change this:
<a href="example.php"><?php echo $row['OL_ID']; ?></a>
to this:
<a href="example.php?id=<?php echo $row['OL_ID']; ?>"><?php echo $row['OL_ID']; ?></a>
Second, access the now-passed id parameter via $_GET instead of $_POST in example.php. Change this:
if(isset($_POST['submit'])){
$num=$_POST['OL_ID'];
to this:
if(isset($_GET['id'])){
$num=$_GET['id'];
Third, read up on SQL injection with regard to this line:
$statement = $myconnection->prepare("SELECT * FROM OL_trans WHERE OL_ID LIKE '$num' ");
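The answer's third point, shown next to a hardened lookup and output escaping; this is an added example, not part of the original answer or the poster's code. It assumes an in-memory SQLite table standing in for the MySQL `OL_trans` table, constructed sample rows and inputs, and hypothetical helper names `findInterpolated`, `findBound` and `h`.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite table stands in
// for the MySQL OL_trans table so the script runs offline; rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE OL_trans (OL_ID INTEGER PRIMARY KEY, vorname TEXT, nachname TEXT)');
$db->exec("INSERT INTO OL_trans VALUES (1, 'Anna', 'Schmidt'), (2, 'Anna', 'Schmidt'), (3, '<b>Max</b>', 'Meier')");

// Pattern from the page: the request value is pasted into the SQL text,
// so quotes inside it become part of the query.
function findInterpolated(PDO $db, string $num): array {
    $st = $db->prepare("SELECT * FROM OL_trans WHERE OL_ID LIKE '$num' ");
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the id as an integer, bind it as a parameter,
// and compare with = rather than LIKE.
function findBound(PDO $db, string $num): array {
    $id = filter_var($num, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];                       // reject anything that is not a positive integer
    }
    $st = $db->prepare('SELECT * FROM OL_trans WHERE OL_ID = ?');
    $st->execute([$id]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Escape every database value before it is written into HTML.
function h($v): string {
    return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
}

$inputs = ['2', "x' OR '1'='1"];         // constructed values for $_GET['id']
foreach ($inputs as $in) {
    printf("input %-14s interpolated: %d row(s), bound: %d row(s)\n",
        "[$in]", count(findInterpolated($db, $in)), count(findBound($db, $in)));
}

// Link and cell rendering as port.php / example.php would emit them.
foreach (findBound($db, '3') as $row) {
    echo '<a href="example.php?id=' . rawurlencode((string) $row['OL_ID']) . '">'
       . h($row['OL_ID']) . '</a> <td>' . h($row['vorname']) . "</td>\n";
}
```

The same `h()` wrapper applies to every `echo $row[...]` and `echo $value[...]` cell in both pages, since names and addresses in the table are user-supplied data.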