Exploding parameters in a prepared statement

Time: 2019-01-03 15:24:37

Tags: prepared-statement explode

I have a problem with a parameterised query. The goal is to display search results based on several criteria that are entered and sent to the query, with each criterion separated by a comma, and that is where the query gets stuck. Here is the query. If anyone knows how to put the comma at the level of the ids retrieved via $_POST['symptome'][$count], I'm all ears.

Thank you, and happy new year

HTML form:

<?php
require('inc\db\connection.php');
$database = new Connection();
$db = $database->openConnection();

function fill_select_box($db)
{
  $output = '';
  $query = "SELECT * FROM symptomes ORDER BY libelle ASC";
  $statement = $db->prepare($query);
  $statement->execute();
  $result = $statement->fetchAll();

  foreach ($result as $row) {
    $output .= '<option value="' . $row["id"] . '">' .strtoupper($row["libelle"]). '</option>';
  }
  return $output;
}

?>

<!DOCTYPE html>
<html>
 <head>
  <title>ORACLE</title>
   <link rel="stylesheet" href="./assets/css/bootstrap.min.css" />
  <link rel="stylesheet" href="./assets/css/all.css" />
 </head>
 <body>
  <br />
  <div class="container">
   <h3 align="center">MOTEUR DE RECHERCHE MALADIES PAR RAPPORT AUX SYMPTOMES</h3>
   <br />
   <br />
   <div class="row">
   <div class="col-4">
   <form method="post" id="get_disease">
    <div class="table-repsonsive">
     <span id="error"></span>
     <h4 align="center">SYMPTOMES</h4>
     <table class="table table-borderless" id="item_table">
     <tr>
       <th>Veuillez indiquer vos symptomes</th>
       <th><button type="button" name="add" class="btn btn-success btn-sm add"><span class="fas fa-plus"></span></button></th>
      </tr>
     </table>
     <div align="center">
      <input type="submit" name="submit" class="btn btn-info" value="RECHERCHER" />
     </div>
    </div>
   </form>
   </div>
   <div class="col-8">
   <h4 align="center">MALADIES</h4>
   <div id="show" class="table-responsive">
   </div>
   </div>
 </div>
  <script src="./assets/js/jquery.min.js"></script>
   <script src="./assets/js/bootstrap.bundle.min.js"></script>
   </body>
</html>
<script>
$(document).ready(function () {

$(document).on('click', '.add', function () {
    var html = '';
    html += '<tr>';
    html += '<td><select name="symptome[]" class="form-control item_symptome"><option value="">--Choix symptomes--</option><?php echo fill_select_box($db); ?></select></td>';
    html += '<td><button type="button" name="remove" class="btn btn-danger btn-sm remove"><span class="fas fa-minus"></span></button></td></tr>';
    $('#item_table').append(html);
    $('#show').load('search.php');
});

$(document).on('click', '.remove', function () {
    $(this).closest('tr').remove();
});

$('#get_disease').on('submit', function (event) {
    event.preventDefault();

    var error = '';
    $('.item_symptome').each(function () {

        var count = 1;
        if ($(this).val() == '') {

            error += "<p>Veuillez indiquer au moins un symptome</p>";
            return false;
        }
        count = count + 1;
    });
    var form_data = $(this).serialize();
    if (error == '') {
        $.ajax({
            method: "POST",
            url: "search.php",
            data: form_data,
            success: function (data) {

              $( '#show' ).html(data);

            }
        });
    } else {
        $('#error').html('<div class="alert alert-danger">' + error + '</div>');
    }

});


});
</script>


PHP script:

<?php
require('inc\db\connection.php');

try {
    $database = new Connection();
    $db = $database->openConnection();

    if (isset($_POST['symptome'])) {

        for ($count = 0; $count < count($_POST['symptome']); $count++) {

            $query = "SELECT
      maladie_symptome.maladie_id,
      maladies.libelle AS maladie,
      group_concat( symptomes.libelle SEPARATOR ',' ) AS symptome,
      count( * ) AS correspondance 
  FROM
      maladie_symptome
      JOIN symptomes ON maladie_symptome.symptome_id = symptomes.id
      JOIN maladies ON maladie_symptome.maladie_id = maladies.id 
  WHERE
      maladie_symptome.symptome_id IN (:symp)
  GROUP BY
      maladies.id 
  ORDER BY
      count( * ) DESC,
      maladies.libelle
      LIMIT 0,5";


            $statement = $db->prepare($query);
            $statement->execute(
                array(
                    ':symp' => implode(",", explode("\n", $_POST['symptome'][$count]))
                )
            );
        }
        $facteur = 10;
        $result = $statement->fetchAll();
        echo '<table class="table table-borderless">'
            . '<thead>'
            . '<tr>'
            . '<th scope="col">Maladie</th>'
            . '<th scope="col">Symptôme</th>'
            . '<th scope="col">%</th>'
            . '</tr>'
            . '</thead>';
        foreach ($result as $row) {
            $maladie = $row['maladie'];
            $symptome = $row['symptome'];
            $correspondance = $row['correspondance'];
            echo '<tbody>'
                . '<tr>'
                . '<td>' . $maladie . '</td>'
                . '<td>' . $symptome . '</td>'
                . '<td>' . $correspondance * $facteur . '</td>'
                . '</tr>';


        }

        echo '</tbody>'
            . '</table>';

    }
} catch (PDOException $e) {

    echo "Il y a un problème de connexion: " . $e->getMessage();

}

0 answers:

No answers
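The script above binds a single string such as "1,2,3" to the one `:symp` placeholder, so the database sees one scalar value, not a list, and `IN (:symp)` can never match more than one id. The safe way to pass a variable number of values is to emit one placeholder per value and keep binding them as parameters, rather than splicing the ids into the SQL text. The following is an added example, not the question author's code: it uses the question's table and column names, runs against an in-memory SQLite database with constructed sample rows so it is self-contained, and writes `group_concat` in SQLite form (MySQL uses `group_concat(x SEPARATOR ',')`).

```php
<?php
// Added example (not the question's own code): one "?" placeholder per value
// in a PDO IN (...) clause. Runs against in-memory SQLite with constructed data.

function build_schema(PDO $db): void
{
    $db->exec("CREATE TABLE maladies (id INTEGER PRIMARY KEY, libelle TEXT)");
    $db->exec("CREATE TABLE symptomes (id INTEGER PRIMARY KEY, libelle TEXT)");
    $db->exec("CREATE TABLE maladie_symptome (maladie_id INTEGER, symptome_id INTEGER)");
    // Constructed sample data, not from the page.
    $db->exec("INSERT INTO maladies VALUES (1,'grippe'),(2,'rhume'),(3,'angine')");
    $db->exec("INSERT INTO symptomes VALUES (1,'fievre'),(2,'toux'),(3,'maux de gorge'),(4,'nez bouche')");
    $db->exec("INSERT INTO maladie_symptome VALUES (1,1),(1,2),(2,2),(2,4),(3,1),(3,3)");
}

/**
 * Returns up to five diseases ranked by how many of the given symptom ids they
 * match. Every id gets its own "?" placeholder, so the values stay bound as
 * parameters and are never concatenated into the SQL string.
 */
function find_maladies(PDO $db, array $symptomeIds): array
{
    // Keep only well-formed integer ids (drops the empty "--Choix--" option)
    // and remove duplicates; array_values re-indexes for positional binding.
    $ids = array_values(array_unique(array_filter($symptomeIds, function ($v) {
        return ctype_digit((string) $v);
    })));
    if ($ids === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));

    // Same query as the question; group_concat written in SQLite syntax.
    $query = "SELECT
        maladie_symptome.maladie_id,
        maladies.libelle AS maladie,
        group_concat(symptomes.libelle, ',') AS symptome,
        count(*) AS correspondance
      FROM maladie_symptome
      JOIN symptomes ON maladie_symptome.symptome_id = symptomes.id
      JOIN maladies ON maladie_symptome.maladie_id = maladies.id
      WHERE maladie_symptome.symptome_id IN ($placeholders)
      GROUP BY maladies.id
      ORDER BY count(*) DESC, maladies.libelle
      LIMIT 0,5";

    $statement = $db->prepare($query);
    $statement->execute(array_map('intval', $ids));
    return $statement->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
build_schema($db);

// What the form posts as symptome[] (constructed input): ids 1 and 2.
$facteur = 10;
foreach (find_maladies($db, ['1', '2', '']) as $row) {
    // Escape before echoing into the HTML table, as search.php does.
    printf("%s | %s | %d%%\n",
        htmlspecialchars($row['maladie'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['symptome'], ENT_QUOTES, 'UTF-8'),
        $row['correspondance'] * $facteur);
}
```

With the constructed rows, "grippe" matches both ids and is listed first, followed by "angine" and "rhume" with one match each. The query runs once for the whole list instead of once per id, which also removes the problem in the original loop where `$statement` is overwritten on every iteration and only the last result set is fetched.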