Php $\u从两个表中获取[ID]
我目前正在尝试从两个不同的表中获取两段数据,并以编辑类型的格式显示它们 我可以使用$_get[id]变量作为使用incidentID主键引用的一种方式来获取要显示的事件或位置。我曾考虑设置数据库自动顺序,以便事件和位置能够同步,但这并不是一个真正的解决方案 如何使用$\u GET[id]变量调用两个不同的表 代码如下所示,顺便说一句,我知道我的sql是开放供注入的,我应该因为不使用PDO而受到惩罚 如果有帮助的话,我可以添加DB结构,但我更愿意将DB结构保留在当前的位置 首先搜索数据 归档。”\php'Php $\u从两个表中获取[ID],php,mysql,Php,Mysql,我目前正在尝试从两个不同的表中获取两段数据,并以编辑类型的格式显示它们 我可以使用$_get[id]变量作为使用incidentID主键引用的一种方式来获取要显示的事件或位置。我曾考虑设置数据库自动顺序,以便事件和位置能够同步,但这并不是一个真正的解决方案 如何使用$\u GET[id]变量调用两个不同的表 代码如下所示,顺便说一句,我知道我的sql是开放供注入的,我应该因为不使用PDO而受到惩罚 如果有帮助的话,我可以添加DB结构,但我更愿意将DB结构保留在当前的位置 首先搜索数据 归档。”\
// Process the search query
if(isset($_POST['searchquery']) && $_POST['searchquery'] != ""){
// run code if condition meets here
$searchquery = preg_replace('#[^a-z 0-9?]#i', '', $_POST['searchquery']);
if($_POST['filter1'] == "0"){
$sqlCommand = "SELECT * FROM `incident` WHERE `iTypeID` = 0 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "1"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "2"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filer1'] == "3"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 3 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "4"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "5"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "6"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "7"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}
$query = mysql_query($sqlCommand) or die(mysql_error());
$count = mysql_num_rows($query);
if($count >= 1){
while($row = mysql_fetch_array($query)){
$incidentID = $row["incidentID"];
$dangerLevel =$row["dangerLevel"];
$search_output .= "Item ID: <br> $incidentID <br> Danger Level: <br> $dangerLevel<br/>
<a href=\"modify_incident.php?id=" . $row['incidentID'] . "\">Modify Entry</a>
<span> </span>
<a href=\"delete_incident.php?id=" . $row['incidentID'] . "\">Delete Entry</a> <br /><br />";
} // close while
} else {
}
}
?>
<html>
<head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Incident Search Form</legend>
<p><label>Search a Disaster (by name): <input name="searchquery" type="text"></label></p>
<p><label>Search by Type<select name="filter1"></label></p>
<option value="0">None</option>
<option value="1">Fire</option>
<option value="2">Flood</option>
<option value="3">Hurricane</option>
<option value="4">Tropical Storm</option>
<option value="5">LandSlide</option>
<option value="6">Biological Outbreak</option>
</select>
</fieldset>
<input name="myBtn" type="submit">
<br />
<br />
<div>
<?php echo $search_output; ?>
</div>
</form>
</body>
</head>
</html>
if(!isset($_POST['submit'])){
$q = "SELECT * FROM incident WHERE incidentID = $_GET[id]";
$ql = "SELECT * FROM location where locationID = $_GET[id]";
$results = mysql_query($q);
$incident = mysql_fetch_array($results);
$results2 = mysql_query($ql);
$incident2 = mysql_fetch_array($results2);
}
?>
</html>
<head>
<body>
<h1>You are Modifying an Incident</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Incident</legend>
<p><label>Disaster Name: <input type="text" name ="inputIncident" value = "<?php echo $incident['disasterName']; ?>" placeholder = "SampleTree Fire" /></label></p>
<p><label>Disaster Description: <input type="text" name ="inputDescription" value = "<?php echo $incident['description']; ?>" placeholder = "Large Forest fire near" /></label></p>
<p><label>Time of Incident: <input type="time" name ="inputTime" value = "<?php echo $incident['time']; ?>" placeholder = "hh:mm:ss"/></label></p>
<p><label>Date of Incident: <input type="date" name ="inputDate" value = "<?php echo $incident['date']; ?>" placeholder = "yyyy/mm/dd"/></label></p>
<p><label>Danger of Incident: <input type="number" name ="inputdangerLevel" placeholder = "1-10" value = "<?php echo $incident['dangerLevel']; ?>" /></label></p>
<p><label for ="type">Select Disaster Type:</label>
<select id="type" name="type" value = "<?php echo $incident['iTypeID']; ?>"
<option value="0">None</option>
<option value="1">Fire</option>
<option value="2">Flood</option>
<option value="3">Hurricane</option>
<option value="4">Tropical Storm</option>
<option value="5">LandSlide</option>
<option value="6">Biological Outbreak</option>
</select>
</fieldset>
<fieldset>
<legend>Location</legend>
<p><label>Street Name:<input type="text" name ="inputStreet" value = "<?php echo $incident2['streetName']; ?>" placeholder = "Avalon Place" /></label></p>
<p><label>Street Number:<input type="number" name ="inputNumber" value = "<?php echo $incident2['streetNumber']; ?>" placeholder = "9" /></label></p>
<p><label>Suburb:<input type="text" name ="inputSuburb" value = "<?php echo $incident2['suburb']; ?>" placeholder = "Upper Kedron" /></label></p>
<p><label>Postcode:<input type="text" name ="inputPostCode" value = "<?php echo $incident2['postCode']; ?>" placeholder = "4055" /></label></p>
<p><label>Region:<input type="number" name ="inputRegion" value = "<?php echo $incident2['region']; ?>" placeholder = "4" /></label></p>
<p><label>Lattitude:<input type="text" name ="inputLattitude" value = "<?php echo $incident2['mapLat']; ?>" placeholder = "136.10" /></label></p>
<p><label>Longitude:<input type="text" name ="inputLongitude" value = "<?php echo $incident2['mapLon']; ?>" placeholder = "182.86" /></label></p>
<p><label for ="state">State:</label>
<select id="state" name="state" value = "<?php echo $incident2['state']; ?>">
<option value="QLD">QLD</option>
<option value="NSW">NSW</option>
<option value="NT">NT</option>
<option value="ACT">ACT</option>
<option value="SA">SA</option>
<option value="WA">WA</option>
<option value="TAS">TAS</option>
</select>
</fieldset>
</p>
<br/>
</fieldset>
<input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/>
<!--<input type="hidden" name="id2" value="<?php echo $_GET['id'];?>"/>-->
<input type="submit" name="submit" value="modify"/>
</form>
</body>
</head>
</html>
<?php
if(isset($_POST['submit'])){
$u = "UPDATE incident SET `disasterName`='$_POST[inputIncident]',
`description`='$_POST[inputDescription]',
`time`='$_POST[inputTime]',
`date`='$_POST[inputDate]',
`dangerLevel`='$_POST[inputdangerLevel]',
`iTypeID`='$_POST[type]'
WHERE incidentID = $_POST[id]";
$ul = "UPDATE location SET `streetName`='$_POST[inputStreet]',
`steetNumber`='$_POST[inputNumber]',
`suburb`='$_POST[inputSuburb]',
`postcode`='$_POST[inputPostCode]',
`region`='$_POST[inputRegion]',
`lattitude`='$_POST[inputLattitde]',
`longitude`='$_POST[inputLongitude]',
`state`='$_POST[state]'
WHERE locationID = $_POST[id]";
mysql_query($u) or die (mysql_error());
mysql_query($ul) or die (mysql_error());
echo "User has been modified!";
header ('Location: output.php');
} else{
}
?>
Incident
Column Type Null Default Links to
incidentID int(15) No
dangerLevel int(2) No
description varchar(250) No
time time No
date date No
isresolved tinyint(1) No
locationID int(11) No location -> locationID
isPublic tinyint(1) No
iTypeID int(11) No itype -> iTypeID
disasterName text No
Location
Column Type Null Default
locationID int(10) No
postCode int(4) No
region text No
state text No
mapLat float No
mapLon float No
streetNumber int(11) No
streetName text No
suburb text No
在搜索数据后修改数据
归档。”\php'
// Process the search query
if(isset($_POST['searchquery']) && $_POST['searchquery'] != ""){
// run code if condition meets here
$searchquery = preg_replace('#[^a-z 0-9?]#i', '', $_POST['searchquery']);
if($_POST['filter1'] == "0"){
$sqlCommand = "SELECT * FROM `incident` WHERE `iTypeID` = 0 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "1"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "2"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filer1'] == "3"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 3 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "4"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "5"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "6"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}else if($_POST['filter1'] == "7"){
$sqlCommand = "SELECT incidentID FROM `incident` WHERE `iTypeID` = 2 AND `disasterName` LIKE '%$searchquery%'";
}
$query = mysql_query($sqlCommand) or die(mysql_error());
$count = mysql_num_rows($query);
if($count >= 1){
while($row = mysql_fetch_array($query)){
$incidentID = $row["incidentID"];
$dangerLevel =$row["dangerLevel"];
$search_output .= "Item ID: <br> $incidentID <br> Danger Level: <br> $dangerLevel<br/>
<a href=\"modify_incident.php?id=" . $row['incidentID'] . "\">Modify Entry</a>
<span> </span>
<a href=\"delete_incident.php?id=" . $row['incidentID'] . "\">Delete Entry</a> <br /><br />";
} // close while
} else {
}
}
?>
<html>
<head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Incident Search Form</legend>
<p><label>Search a Disaster (by name): <input name="searchquery" type="text"></label></p>
<p><label>Search by Type<select name="filter1"></label></p>
<option value="0">None</option>
<option value="1">Fire</option>
<option value="2">Flood</option>
<option value="3">Hurricane</option>
<option value="4">Tropical Storm</option>
<option value="5">LandSlide</option>
<option value="6">Biological Outbreak</option>
</select>
</fieldset>
<input name="myBtn" type="submit">
<br />
<br />
<div>
<?php echo $search_output; ?>
</div>
</form>
</body>
</head>
</html>
if(!isset($_POST['submit'])){
$q = "SELECT * FROM incident WHERE incidentID = $_GET[id]";
$ql = "SELECT * FROM location where locationID = $_GET[id]";
$results = mysql_query($q);
$incident = mysql_fetch_array($results);
$results2 = mysql_query($ql);
$incident2 = mysql_fetch_array($results2);
}
?>
</html>
<head>
<body>
<h1>You are Modifying an Incident</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Incident</legend>
<p><label>Disaster Name: <input type="text" name ="inputIncident" value = "<?php echo $incident['disasterName']; ?>" placeholder = "SampleTree Fire" /></label></p>
<p><label>Disaster Description: <input type="text" name ="inputDescription" value = "<?php echo $incident['description']; ?>" placeholder = "Large Forest fire near" /></label></p>
<p><label>Time of Incident: <input type="time" name ="inputTime" value = "<?php echo $incident['time']; ?>" placeholder = "hh:mm:ss"/></label></p>
<p><label>Date of Incident: <input type="date" name ="inputDate" value = "<?php echo $incident['date']; ?>" placeholder = "yyyy/mm/dd"/></label></p>
<p><label>Danger of Incident: <input type="number" name ="inputdangerLevel" placeholder = "1-10" value = "<?php echo $incident['dangerLevel']; ?>" /></label></p>
<p><label for ="type">Select Disaster Type:</label>
<select id="type" name="type" value = "<?php echo $incident['iTypeID']; ?>"
<option value="0">None</option>
<option value="1">Fire</option>
<option value="2">Flood</option>
<option value="3">Hurricane</option>
<option value="4">Tropical Storm</option>
<option value="5">LandSlide</option>
<option value="6">Biological Outbreak</option>
</select>
</fieldset>
<fieldset>
<legend>Location</legend>
<p><label>Street Name:<input type="text" name ="inputStreet" value = "<?php echo $incident2['streetName']; ?>" placeholder = "Avalon Place" /></label></p>
<p><label>Street Number:<input type="number" name ="inputNumber" value = "<?php echo $incident2['streetNumber']; ?>" placeholder = "9" /></label></p>
<p><label>Suburb:<input type="text" name ="inputSuburb" value = "<?php echo $incident2['suburb']; ?>" placeholder = "Upper Kedron" /></label></p>
<p><label>Postcode:<input type="text" name ="inputPostCode" value = "<?php echo $incident2['postCode']; ?>" placeholder = "4055" /></label></p>
<p><label>Region:<input type="number" name ="inputRegion" value = "<?php echo $incident2['region']; ?>" placeholder = "4" /></label></p>
<p><label>Lattitude:<input type="text" name ="inputLattitude" value = "<?php echo $incident2['mapLat']; ?>" placeholder = "136.10" /></label></p>
<p><label>Longitude:<input type="text" name ="inputLongitude" value = "<?php echo $incident2['mapLon']; ?>" placeholder = "182.86" /></label></p>
<p><label for ="state">State:</label>
<select id="state" name="state" value = "<?php echo $incident2['state']; ?>">
<option value="QLD">QLD</option>
<option value="NSW">NSW</option>
<option value="NT">NT</option>
<option value="ACT">ACT</option>
<option value="SA">SA</option>
<option value="WA">WA</option>
<option value="TAS">TAS</option>
</select>
</fieldset>
</p>
<br/>
</fieldset>
<input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/>
<!--<input type="hidden" name="id2" value="<?php echo $_GET['id'];?>"/>-->
<input type="submit" name="submit" value="modify"/>
</form>
</body>
</head>
</html>
<?php
if(isset($_POST['submit'])){
$u = "UPDATE incident SET `disasterName`='$_POST[inputIncident]',
`description`='$_POST[inputDescription]',
`time`='$_POST[inputTime]',
`date`='$_POST[inputDate]',
`dangerLevel`='$_POST[inputdangerLevel]',
`iTypeID`='$_POST[type]'
WHERE incidentID = $_POST[id]";
$ul = "UPDATE location SET `streetName`='$_POST[inputStreet]',
`steetNumber`='$_POST[inputNumber]',
`suburb`='$_POST[inputSuburb]',
`postcode`='$_POST[inputPostCode]',
`region`='$_POST[inputRegion]',
`lattitude`='$_POST[inputLattitde]',
`longitude`='$_POST[inputLongitude]',
`state`='$_POST[state]'
WHERE locationID = $_POST[id]";
mysql_query($u) or die (mysql_error());
mysql_query($ul) or die (mysql_error());
echo "User has been modified!";
header ('Location: output.php');
} else{
}
?>
Incident
Column Type Null Default Links to
incidentID int(15) No
dangerLevel int(2) No
description varchar(250) No
time time No
date date No
isresolved tinyint(1) No
locationID int(11) No location -> locationID
isPublic tinyint(1) No
iTypeID int(11) No itype -> iTypeID
disasterName text No
Location
Column Type Null Default
locationID int(10) No
postCode int(4) No
region text No
state text No
mapLat float No
mapLon float No
streetNumber int(11) No
streetName text No
suburb text No
我想我可能找到了一种不同的方法来做这件事,但仍然需要一点帮助,如何将它扩展到$row['incidentID']和$row['locationID']将被分配给ID和ID2
<a href=\"modify_incident.php?id=" . $row['incidentID'] . "\">Modify Entry</a>
如果这是一个1:M的关系,那么一个位置可能有许多事件,您可能希望将这些表连接在一起: 从事件i中选择*位置l,其中i.id=?和i.location_id=l.id 每行都有来自事件和相应位置的列 编辑: 您可以使用更新连接通过事件ID更新位置:
update location l
join incident i on i.location_id = l.id
set l.city = ?
where i.id = ?
如果这是一个1:1的关系,并且每个事件都有一个唯一的位置,您还可以将这两个表合并为一个表。您的脚本容易受到SQL注入的攻击。你肯定应该这样做。我知道这是正确的方法,但是让我们假设它的modify_事件。php?id=62有没有办法让它修改_事件。php?id_1=62,id_2=29