将学生ID传递给编辑页面

时间:2017-06-16 07:59:35

标签: php html mysqli

我目前在学生管理页面上工作,我在编辑页面显示学生数据时遇到了一些问题,以确定我在点击编辑时使用传递ID的学生。

我的编辑页面查询 

<?php
  $user = $_GET["id"];
  $query = "SELECT *  FROM kuala_lumpur UNION ALL 
                SELECT *FROM eastern UNION ALL
                    SELECT *FROM northern UNION ALL
                        SELECT * FROM sabah UNION ALL
                            SELECT * FROM sarawak  
                         WHERE ID_NO = '$user'";
  $result = mysqli_query($conn,$query) or die ('query die'); 
  $userget =mysqli_fetch_assoc($result);
  ?>


<div class="thebox  thebox-more">
<form method="post">
  <table class="table tablo center-hr " border="0">
    <tr><th colspan="6"><h3>Student Information</h3></th>

    <tr class="text-right">
        <td><label>Name</label></td>
        <td colspan="5"><input type="text" name="NAME" value="<?php echo $userget['NAME']; ?>"></td>

    <tr class="text-right">
        <td><label>Student IC</label></td>
        <td colspan="2"> <input type="text" name="IC_NO" value="<?php echo $userget['IC_NO']; ?>"  ></td> 

        <td><label>Student ID</label></td>
        <td colspan="2"> <input type="text" name="ID_NO" value="<?php echo $userget['ID_NO']; ?>"></td> 
    </tr></i>

我的学生名单 

    $th1 = 'Student ID';
    $th2 = 'Name';
    $th3 = 'Course';
    $th4 = 'Convocation Date';
    $th5 = 'Edit';

    $td1 = 'ID_NO';
    $td2 = 'NAME';
    $td3 = 'PROGRAM_CODE';
    $td4 = 'CONVO_DATE';
    $td5 = 'PROGRAM_DESC';

    <div class ="table tbody" >
        <table class="table table-hover bg-brand" data-toggle="table" >
        <?php
            if (mysqli_num_rows($query) > 0) {

    echo "<thead>
        <tr>
            <th class='text-center'>".$th1."</th>
            <th class='text-center'>".$th2."</th>
            <th class='text-center'>".$th3."</th>
            <th class='text-center'>".$th5."</th>
        </tr>
    </thead>";
                while($row = mysqli_fetch_assoc($query)) {   
    echo "<tbody>
        <tr>
            <td class='text-center'>".$row[$td1]."</td>
            <td>".$row[$td2]."</a><br>
            <b style='padding-left:7px;'><i>".$row[$td5]."</i></b></td>
            <td class='text-center'>".$row[$td4]."</td>
            <td><center><a href=\"info.php?id={$row[$td1]}\">X</a></center></td></tr>
        </tr>
    </tbody>";      
            } 
        }?>
</i>

我点击其他学生后我显示的数据没有变化UNION ALL我感觉查询中存在问题,但我尝试多次更改但仍然没有运气......

1 个答案:

答案 0 :(得分:0)

我认为where子句仅适用于代码中的最后一个查询。此外,通过确保用户标识是一个整数来防止SQL注入攻击。

     $user = intval($_GET["id"]);
      $query = "

                        SELECT * 
                        FROM kuala_lumpur 
                        WHERE ID_NO = '$user'
                    UNION ALL 
                        SELECT * 
                        FROM eastern 
                        WHERE ID_NO = '$user'
                    UNION ALL
                        SELECT * 
                        FROM northern 
                        WHERE ID_NO = '$user'
                    UNION ALL
                        SELECT * 
                        FROM sabah 
                        WHERE ID_NO = '$user'
                    UNION ALL
                        SELECT * 
                        FROM sarawak  
                        WHERE ID_NO = '$user'";
       $result = mysqli_query($conn,$query) or die ('query die'); 
       $userget =mysqli_fetch_assoc($result);

当您在HTML输入字段中包含数据库中的数据时,最好将其转义:

<?php echo htmlspecialchars($userget['NAME'], ENT_QUOTES); ?>

还有其他问题需要解决吗?

相关问题
最新问题