我想使用$ _GET [' student_id']显示具有相同ID的所有行但是数据表错误这是我的代码。一旦我从url获取id,例如: example.com/example.php?=2222
所有带2222的id都会显示出来。
Fetch.php
<?php
include('db.php');
include('function.php');
$query = '';
$output = array();
$id = $_GET['student_id'];
$query = 'SELECT * FROM personal WHERE student_id LIKE "%'.$_GET["student_id"].'%" ';
$statement = $connection->prepare($query);
$statement->execute();
$result = $statement->fetchAll();
$data = array();
$filtered_rows = $statement->rowCount();
foreach($result as $row)
{
$image = '';
if($row["image"] != '')
{
$image = '<img src="upload/'.$row["image"].'" class="img-thumbnail" width="50" height="35" />';
}
else
{
$image = '';
}
$sub_array = array();
$sub_array[] = $row["student_id"];
$sub_array[] = $row["firstname"]." ".$row['middlename']." ".$row['lastname'];
$sub_array[] = '<a href="edit.php?student_id='.$row["student_id"].'" class="btn btn-info btn-xs update">Personal Info</a>'." ".
'<button type="button" id="'.$row["student_id"].'" class="btn btn-info btn-xs update">Grades</button>'." ".
'<button type="button" id="'.$row["student_id"].'" class="btn btn-info btn-xs update">Payment</button>';
$sub_array[] = '<a href="view.php?student_id='.$row["student_id"].'" class="btn btn-primary btn-xs update">View</a>';
$sub_array[] = '<button type="button" name="delete" id="'.$row["student_id"].'" class="btn btn-danger btn-xs delete">Delete</button>';
$data[] = $sub_array;
}
$output = array(
"draw" => intval($_POST["draw"]),
"recordsTotal" => $filtered_rows,
"recordsFiltered" => get_total_all_records(),
"data" => $data
);
echo json_encode($output);
?>
DATATABLES致电 我想使用$ _GET [&#39; student_id&#39;]显示具有相同ID的所有行但是datatables错误这是我的代码。一旦我从url获取id,例如: example.com/example.php?=2222
<script type="text/javascript" language="javascript" >
$(document).ready(function(){
$('#add_button').click(function(){
$('#user_form')[0].reset();
});
var dataTable = $('#user_data').DataTable({
"processing":true,
"serverSide":true,
"order":[],
"ajax":{
url:"fetch.php",
type:"POST"
},
"columnDefs":[
{
"targets":[0, 3, 4],
"orderable":false,
},
],
});
$(document).on('click', '.delete', function(){
var user_id = $(this).attr("id");
if(confirm("Are you sure you want to delete this?"))
{
$.ajax({
url:"delete.php",
method:"POST",
data:{user_id:user_id},
success:function(data)
{
alert(data);
dataTable.ajax.reload();
}
});
}
else
{
return false;
}
});
});
</script>
这是我在过去的问题中所涉及的所有代码。 我想使用$ _GET [&#39; student_id&#39;]显示具有相同ID的所有行但是datatables错误这是我的代码。一旦我从url获取id,例如: example.com/example.php?=2222
答案 0 :(得分:0)
首先,您似乎正在使用PDO作为数据库访问层,并且prepare SQL SQL但您正在制作直接在SQL Injection内部使用变量的一个大错误。如果您已经知道如何准备SQL然后使用bind将变量绑定到变量名称,那么它就会打开$_GET['student_id']的大门。
此外,我发现您将$id绑定到$query = 'SELECT * FROM personal WHERE student_id LIKE "%'.$_GET["student_id"].'%" ';
$statement = $connection->prepare($query);
$statement->execute();
$result = $statement->fetchAll();
但未使用它,因为您不需要将接收到的变量绑定到新变量上。
要回答您的问题,请尝试使用
您的密码:
$query = 'SELECT * FROM personal WHERE student_id LIKE :id ';
$statement = $connection->prepare($query);
$statement -> bindParam(':id', $_GET['student_id']);
$statement->execute();
$result = $statement->fetch(PDO::FETCH_ASSOC);
我的建议:
def findPrimes(n):
prime_list = [2]
for number in range(3, n, 2):
if all(number % i != 0 for i in range(2, int(number ** .5) + 1)):
prime_list.append(number)
return prime_list
def displayPrimes(number, rows=100):
result_list = [[] for _ in range(rows)]
primes = findPrimes(number)
for idx, item in enumerate(primes):
row_idx = idx % rows
result_list[row_idx].append("%6d" % item)
result_str = '\n'.join(['\t'.join(i) for i in result_list])
return result_str
print(displayPrimes(4027))