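I am very paranoid about my code, because this is our thesis. I want to use $_GET['student_id'] to display all rows with the same id, but DataTables gives an error. Here is my code.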
<?php
include('db.php');
include('function.php');
$query = '';
$output = array();
$id = $_GET['student_id'];
// The request parameter is concatenated directly into the SQL string.
$query = 'SELECT * FROM personal WHERE student_id LIKE "%'.$_GET["student_id"].'%" ';
$statement = $connection->prepare($query);
$statement->execute();
$result = $statement->fetchAll();
$data = array();
$filtered_rows = $statement->rowCount();
// Build one DataTables row per matching record.
foreach($result as $row)
{
    $image = '';
    if($row["image"] != '')
    {
        $image = '<img src="upload/'.$row["image"].'" class="img-thumbnail" width="50" height="35" />';
    }
    else
    {
        $image = '';
    }
    $sub_array = array();
    $sub_array[] = $row["student_id"];
    $sub_array[] = $row["firstname"]." ".$row['middlename']." ".$row['lastname'];
    $sub_array[] = '<a href="edit.php?student_id='.$row["student_id"].'" class="btn btn-info btn-xs update">Personal Info</a>'." ".
        '<button type="button" id="'.$row["student_id"].'" class="btn btn-info btn-xs update">Grades</button>'." ".
        '<button type="button" id="'.$row["student_id"].'" class="btn btn-info btn-xs update">Payment</button>';
    $sub_array[] = '<a href="view.php?student_id='.$row["student_id"].'" class="btn btn-primary btn-xs update">View</a>';
    $sub_array[] = '<button type="button" name="delete" id="'.$row["student_id"].'" class="btn btn-danger btn-xs delete">Delete</button>';
    $data[] = $sub_array;
}
// Response in the shape DataTables expects for server-side processing.
$output = array(
    "draw" => intval($_POST["draw"]),
    "recordsTotal" => $filtered_rows,
    "recordsFiltered" => get_total_all_records(),
    "data" => $data
);
echo json_encode($output);
?>
Thanks in advance.
Answer 0: (score: 0)
Assuming student_id is numeric:
$id = intval($_GET['student_id']);
$query = 'SELECT * FROM personal WHERE student_id = '.$id;
is safe enough.
Also, this looks like an AJAX call. Let's see your JavaScript call and HTML, to see whether your AJAX call is calling the DataTable.
Answer 1: (score: 0)
You should escape $_GET['student_id'] with mysqli_real_escape_string or any other routine for security, or better, use PDO to make the query.
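The substring search from the question, written with a bound PDO parameter; this is an added example and not code from either post. The helper name find_students, the "!" escape character, and the in-memory SQLite table with its sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the posts): rows whose student_id contains $needle.
function find_students(PDO $db, string $needle): array
{
    // Escape LIKE wildcards with "!" so "%" and "_" in the input match literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $needle);

    // The value travels as a bound parameter and never becomes part of the SQL text.
    $stmt = $db->prepare(
        "SELECT student_id, firstname, lastname
           FROM personal
          WHERE student_id LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE personal (student_id TEXT, firstname TEXT, lastname TEXT)');
$db->exec("INSERT INTO personal VALUES
    ('2019-001', 'Ana', 'Cruz'),
    ('2019-002', 'Ben', 'Reyes'),
    ('2020-001', 'Cara', 'Lim')");

// In the script from the question the argument would be $_GET['student_id'].
$inputs = ['2019', '%', '" OR "1"="1'];
foreach ($inputs as $input) {
    $rows = find_students($db, $input);
    printf("%-12s => %d row(s)\n", $input, count($rows));
}
```

Only the first input matches any rows; the other two are compared as literal text, so the quote characters cannot change the structure of the query.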