在URL中使用$ _GET变量时,PHP文件损坏

时间:2019-01-31 20:54:19

标签: php

我正在使用select下拉菜单从数据库中过滤临床试验。 select下面是调用clinical_trial()类的代码。问题是,将$_GET变量?cid=附加到网址后,没有显示结果。

clinical_trials.php

<?php if($_GET['cid'])  $cid = $_GET['cid']; ?>

<?php 
  $query = "SELECT * FROM `category` ORDER BY category_name"; 
  $categories = $_db->get_results($query, ARRAY_A);  ?>

<select id="dynamic_select">
  <option value="clinical_trials.php" selected>All Categories</option>
  <?php 
    foreach($categories as $row):
      extract($row);
      echo '<option ' . ($cid == $category_id ? "selected" : "") . ' value="clinical_trials.php?cid='.$category_id.'">' . $category_name . '</option>';
    endforeach; ?>
</select>

<script>
  jQuery(document).ready(function($){
    $('#dynamic_select').on('change', function () {
      var url = $(this).val();
      if (url) window.location = url; // redirect
        return false;
    });
  });
</script>

<?php 
      $ct = new clinical_trial();  

      $params = array();

      if($cid != '')  $params['category_id'] = $cid;

      $results = $ct->search($params); 
      $file_path = CLINICAL_TRIALS_REL_PATH;
      $ts = strtotime($file_date); 

      if(count($results) > 0):
        $html  = '';
        $html .= '<table id="current-clinicals">'; 

        foreach($results as $row): 
          extract($row); 
          $html .= '<tr>';
          $html .= '<td valign="top">'.$trial_name.'</td>';
          $html .= '<td valign="top">'.$category_name.'</td>';
          $html .= '<td valign="top">'.date("m/d/Y").'</td>';
          $html .= '<td width="80" valign="top" align="center"><a href="'.$file_path . $file_name.'" target="_blank"><strong>View Here</strong></a></td>';
          $html .= '</tr>';
        endforeach; 
      else:
        $html .= '<p>No clinical trials in this category.</p>';
      endif;

      $html .= '</table>';

      echo $html; ?>

以下代码存储在 clinical_trial.php

<?php

class clinical_trial{

public function validate($post, $file, &$errors, $action='create'){

    global $_db;

    cleanup_arr($post);
    extract($post);

    $errors = array();

    $rules[] = array( 'rule'=>'', 'val'=>$lst_category_id, 'minlen'=>0, 'maxlen'=>0, 'required'=>true,  'friendly_name'=>'Category', 'var'=>'lst_category_id');
    $rules[] = array( 'rule'=>'', 'val'=>$txt_trial_name, 'minlen'=>0, 'maxlen'=>0, 'required'=>true,  'friendly_name'=>'Trial name', 'var'=>'txt_trial_name');
    $rules[] = array( 'rule'=>'', 'val'=>$txt_file_date, 'minlen'=>0, 'maxlen'=>0, 'required'=>true,  'friendly_name'=>'File date', 'var'=>'txt_file_date');


    $flag_validated = true;
    foreach($rules as $r){
        $ret = validate($r);
        $varname = $r['var'];
        if($ret != VALIDATE_SUCCESS){
            $flag_validated = false;
            $errors[$varname] = $ret;
        }
    }

    if ($action == 'create'){
        if(!is_uploaded_file($file['file_filename']['tmp_name'])){
            $flag_validated = false;
            $errors['file_filename'] = 'Please upload a file.';
        }
    }

    return $flag_validated;
}

function create($post, $file){
    global $_db;
    cleanup_arr($post);
    extract($post);

    $ts = strtotime($txt_file_date);
    $file_date = date("Y-m-d", $ts);
    $query = "INSERT INTO `clinical_trial` (trial_name, file_date, file_name, category_id) VALUES ('$txt_trial_name', '$file_date', '', $lst_category_id)";
    $_db->query($query);
    $clinical_trial_id = $_db->insert_id;

    //$filename = md5(time());
    $filename = $file_date . '-' . make_file_name($txt_trial_name);
    $filename = handle_file_upload($file['file_filename'], $filename, CLINICAL_TRIALS_ABS_PATH);
    $_db->query("UPDATE `clinical_trial` SET file_name='$filename' WHERE clinical_trial_id=$clinical_trial_id");
}

function update($post, $file){
    global $_db;
    cleanup_arr($post);
    extract($post);

    $ts = strtotime($txt_file_date);
    $file_date = date("Y-m-d", $ts);
    $query = "UPDATE `clinical_trial` SET trial_name='$txt_trial_name', category_id=$lst_category_id, file_date='$file_date' WHERE clinical_trial_id=$hdn_clinical_trial_id";
    $_db->query($query);
    if(is_uploaded_file($file['file_filename']['tmp_name'])){
        @unlink(CLINICAL_TRIALS_ABS_PATH . $_db->get_var("SELECT file_name FROM clinical_trial WHERE clinical_trial_id=$hdn_clinical_trial_id"));
        $filename = $file_date . '-' . make_file_name($txt_trial_name);
        $filename = handle_file_upload($file['file_filename'], $filename, CLINICAL_TRIALS_ABS_PATH);
        $_db->query("UPDATE `clinical_trial` SET file_name='$filename' WHERE clinical_trial_id=$hdn_clinical_trial_id");
    }
}

function delete($clinical_trial_id){
    global $_db;
    cleanup_var($clinical_trial_id);
    @unlink(CLINICAL_TRIALS_ABS_PATH . $_db->get_var("SELECT file_name FROM clinical_trial WHERE clinical_trial_id=$clinical_trial_id"));
    $_db->query("DELETE FROM `clinical_trial` WHERE clinical_trial_id=$clinical_trial_id");
}

function search($params, $order_by=''){
    global $_db;
    if($params){
      cleanup_arr($params);
      extract($params);
    }

    if($category_id != '')  $where = " AND ct.category_id=$category_id ";
    $order_by = $order_by == "" ? "file_date DESC" : $order_by;

    $query = "SELECT * FROM `clinical_trial` ct, `category` c 
                WHERE ct.category_id=c.category_id
                $where 
                ORDER BY $order_by"; 
    return $_db->get_results($query, ARRAY_A);      
}

public function get($id)
{
    global $_db;
    cleanup_var($id);

    $query = "SELECT * FROM `clinical_trial` ct WHERE ct.clinical_trial_id=$id";
    $r = $_db->get_row($query, ARRAY_A);

    if(count($r) == 0)
        return false;

    foreach ( $r as $key => $val ){
        $this->$key = stripslashes($val);
    }

    return true;
}
} // class

1 个答案:

答案 0 :(得分:2)

您不是要获取$ _GET变量吗?

假设您认为自己正在检索此行:

if($cid != '')  $params['category_id'] = $cid;

根据您的代码,条件始终为false。 正确的用法是:

if($_GET['cid'] != '')  $params['category_id'] = $_GET['cid'];