How to write code to enter and view an exam mark list in PHP mysqli


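I have the following DB tables:

  • Student info
  • Exam info
  • Class info
  • Subject info

How do I add mark details to the Mark_list table? And how do I retrieve them for future viewing/editing?

I am using Bootstrap, PHP and MySQLi for the project. Also, I have the following columns in the Mark_list table:

  • id
  • Exam id
  • Class id
  • Subject id
  • Student id
  • Marks

I need PHP mysqli code.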

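Your question can be read in two ways: 1) adding to and editing the mark list table, or 2) fetching data from the other tables and editing them right away.

I will answer it the first way.

As far as I understand from your description, you want to add mark details to the table Mark_list, which has the following columns, and I am using Bootstrap, PHP and MySQLi.

If you need the second approach, I can help you with that too.

Here I will use mysqli object-oriented queries. PHP MySQLi code, with HTML, for adding data to the mark_list table and editing it: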

    <?php
    // CONNECT TO DATABASE
    $link = new mysqli('localhost','root','','example');

    // Check connection
    if ($link->connect_error) {
        die("Connection failed: " . $link->connect_error);
    }

    // ADD THE DATA FROM THE FORM TO THE MYSQL DATABASE
    // (the POST values are interpolated into the SQL string unmodified)
    if(isset($_POST['addmarks'])){
        $marksid = $_POST['markId'];
        $examid = $_POST['examId'];
        $classid = $_POST['classId'];
        $subjectid = $_POST['subjectId'];
        $studentid = $_POST['studentId'];
        $marks = $_POST['obtnmarks'];

        // NOW INSERT INTO TABLE
        $query = "INSERT INTO mark_list
        (mark_id, Exam_id, Class_id, Subject_id, Student_id, marks) VALUES ('$marksid','$examid','$classid','$subjectid','$studentid','$marks')";

        if($link->query($query) === TRUE){
            echo "SUCCESSFULLY INSERTED";
        }
        else
        {
            echo "Failed to add data<br>".$query."<br>".$link->error;
        }
    }


    // UPDATE AN EXISTING ROW WITH THE DATA FROM THE EDIT FORM
    // (the POST values are interpolated into the SQL string unmodified)
    if(isset($_POST['updatemarks'])){
        $updateId = $_POST['idupdate'];
        $marksid = $_POST['markId'];
        $examid = $_POST['examId'];
        $classid = $_POST['classId'];
        $subjectid = $_POST['subjectId'];
        $studentid = $_POST['studentId'];
        $marks = $_POST['obtnmarks'];

        // NOW UPDATE THE TABLE
        $query = "UPDATE mark_list SET mark_id='$marksid', Exam_id='$examid', Class_id='$classid', Subject_id='$subjectid', Student_id='$studentid', marks='$marks' WHERE id='$updateId'";

        if($link->query($query) === TRUE){
            echo "UPDATED SUCCESSFULLY";
        }
        else
        {
            echo "Failed to update data<br>".$query."<br>".$link->error;
        }
    }
    ?>

    <!DOCTYPE html>
    <html lang="en">
    <head>
      <title>BOOTSTRAP PHP MYSQLI OBJECT ORIENTED ADD AND RETRIEVE DATA </title>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
      <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
      <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
    </head>
    <body>
    <div class="container">
        <div class="col-md-4 col-md-offset-4">
            <!-- CREATE AN INPUT FORM TO ADD DATA -->
            <form action="" method="post">
                <legend class="text-center">ADD MARKS</legend>
                <div class="form-group">
                    <input type="number" class="form-control" name="markId" placeholder="enter marks id">
                </div>

                <div class="form-group">
                    <input type="number" class="form-control" name="examId" placeholder="enter Exam id">
                </div>

                <div class="form-group">
                    <input type="number" class="form-control" name="classId" placeholder="enter Class id">
                </div>

                <div class="form-group">
                    <input type="number" class="form-control" name="subjectId" placeholder="enter Subject id">
                </div>

                <div class="form-group">
                    <input type="number" class="form-control" name="studentId" placeholder="enter Student id">
                </div>

                <div class="form-group">
                    <input type="number" class="form-control" name="obtnmarks" placeholder="enter marks Obtained">
                </div>

                <div class="form-group text-center">
                    <input type="submit" class="btn btn-primary" name="addmarks" value="submit">

                    <input type="submit" class="btn btn-primary" name="retriveData" value="retrieve data">
                </div>

            </form>
        </div>
    </div>

    <?php
        // EDIT MARKS DATA
        // (the GET value is interpolated into the SQL string unmodified)
        if(isset($_GET['editid'])){
            $editid = $_GET['editid'];

            $select_sql = "SELECT * FROM mark_list WHERE id='$editid'";
            $result = $link->query($select_sql);
            while($row = $result->fetch_assoc()){
        ?>
            <div class="col-md-4 col-md-offset-4">
                <form action="" method="post">
                    <legend>Update the Marks</legend>
                    <div class="form-group">
                        <p>marks id</p>
                        <input type="number" class="form-control" name="markId" value="<?php echo htmlspecialchars((string)$row['mark_id']);?>">
                        <input type="number" class="form-control" name="idupdate" value="<?php echo htmlspecialchars((string)$row['id']);?>">
                    </div>

                    <div class="form-group">
                        <p>Exam id</p>
                        <input type="number" class="form-control" name="examId" value="<?php echo htmlspecialchars((string)$row['Exam_id']); ?>">
                    </div>

                    <div class="form-group">
                        <p>Class id</p>
                        <input type="number" class="form-control" name="classId" value="<?php echo htmlspecialchars((string)$row['Class_id']); ?>">
                    </div>

                    <div class="form-group">
                        <p>Subject id</p>
                        <input type="number" class="form-control" name="subjectId" value="<?php echo htmlspecialchars((string)$row['Subject_id']); ?>">
                    </div>

                    <div class="form-group">
                        <p>Student id</p>
                        <input type="number" class="form-control" name="studentId" value="<?php echo htmlspecialchars((string)$row['Student_id']); ?>">
                    </div>

                    <div class="form-group">
                        <p>marks obtained</p>
                        <input type="number" class="form-control" name="obtnmarks" value="<?php echo htmlspecialchars((string)$row['marks']); ?>">
                    </div>

                    <div class="form-group text-center">
                        <input type="submit" class="btn btn-primary" name="updatemarks" value="UPDATE MARKS">
                    </div>
                </form>
            </div>
        <?php
            }
        }

    ?>

    <!-- RETRIEVE DATA -->
    <?php
        if(isset($_POST['retriveData'])){

        $sql = "SELECT * FROM mark_list";
        $res= $link->query($sql);
    ?>
        <div class="table-responsive container">
            <table class="table table-hover">
                <thead>
                    <tr>
                        <th>Marks id</th>
                        <th>Exam id</th>
                        <th>Class id</th>
                        <th>Subject id</th>
                        <th>Student id</th>
                        <th>Marks</th>
                        <th>Edit</th>
                    </tr>
                </thead>
                <tbody>
    <?php
                if($res->num_rows > 0){
                    while($row = $res->fetch_assoc()){
    ?>
                    <tr>
                        <td><?php echo htmlspecialchars((string)$row['mark_id']);?></td>
                        <td><?php echo htmlspecialchars((string)$row['Exam_id']);?></td>
                        <td><?php echo htmlspecialchars((string)$row['Class_id']);?></td>
                        <td><?php echo htmlspecialchars((string)$row['Subject_id']);?></td>
                        <td><?php echo htmlspecialchars((string)$row['Student_id']);?></td>
                        <td><?php echo htmlspecialchars((string)$row['marks']);?></td>
                        <td><a href="stackphpaddmysqli.php?editid=<?php echo (int)$row['id'];?>">Edit</a></td>
                    </tr>
    <?php
                    }
                }
    ?>
                </tbody>
            </table>
        </div>
    <?php
        }
    ?>

    </body>
    </html>

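Where is your code?

Hint. SQL injection.

A brief explanation. Use prepared statements to format your queries correctly. The way you currently construct your queries implies that you trust the user's input, and nothing stops them from closing the query before it completes and executing another command. Such as dropping a table.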
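The prepared-statement advice from the comments, applied to the answer's INSERT, UPDATE and SELECT-by-id queries; this is an added example, not code from the answer or the commenters. The helpers `int_fields()` and `run()` are hypothetical names, and the example assumes every mark_list column holds an integer (the forms use `type="number"`) and that the mysqlnd driver is available for `get_result()`.

```php
<?php
// Added example, not the answer's code. Assumes every mark_list column is an integer.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

const MARK_FIELDS = ['markId', 'examId', 'classId', 'subjectId', 'studentId', 'obtnmarks'];

// Hypothetical helper: return the named request fields as integers, or null if any is invalid.
function int_fields(array $src, array $keys): ?array {
    $out = [];
    foreach ($keys as $k) {
        $v = filter_var($src[$k] ?? '', FILTER_VALIDATE_INT);
        if ($v === false) {
            return null;            // reject the request instead of passing text to the database
        }
        $out[] = $v;
    }
    return $out;
}

// Hypothetical helper: prepare the statement, bind every value as an integer, execute.
function run(mysqli $link, string $sql, array $ints): mysqli_stmt {
    $stmt = $link->prepare($sql);   // the SQL text is fixed; user data never becomes part of it
    $stmt->bind_param(str_repeat('i', count($ints)), ...$ints);
    $stmt->execute();
    return $stmt;
}

$link = new mysqli('localhost', 'root', '', 'example');

if (isset($_POST['addmarks']) && ($v = int_fields($_POST, MARK_FIELDS)) !== null) {
    run($link, 'INSERT INTO mark_list (mark_id, Exam_id, Class_id, Subject_id, Student_id, marks)
                VALUES (?, ?, ?, ?, ?, ?)', $v);
}

if (isset($_POST['updatemarks'])
    && ($v = int_fields($_POST, array_merge(MARK_FIELDS, ['idupdate']))) !== null) {
    run($link, 'UPDATE mark_list SET mark_id=?, Exam_id=?, Class_id=?, Subject_id=?,
                Student_id=?, marks=? WHERE id=?', $v);
}

if (isset($_GET['editid']) && ($v = int_fields($_GET, ['editid'])) !== null) {
    // get_result() requires the mysqlnd driver; $row is null when no such id exists.
    $row = run($link, 'SELECT * FROM mark_list WHERE id=?', $v)->get_result()->fetch_assoc();
}
```

With bound parameters a value such as `1' OR '1'='1` is rejected by `int_fields()` and, even if it were bound as a string, would be compared as data rather than parsed as SQL.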