Php DataTables服务器端处理警告
我正在使用DataTables,但它导致了一个错误,我无法找到错误所在 我想使用服务器端处理,因为在插入11k行之后,它就落后了 我正在使用的代码:Php DataTables服务器端处理警告,php,mysql,arrays,sql-server,datatables,Php,Mysql,Arrays,Sql Server,Datatables,我正在使用DataTables,但它导致了一个错误,我无法找到错误所在 我想使用服务器端处理,因为在插入11k行之后,它就落后了 我正在使用的代码: <?php /* Database connection start */ $servername = "localhost"; $username = "root"; $password = ""; $dbname = "accounts"; $conn = mysqli_connect($servername, $username,
<?php
/* Database connection start */
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "accounts";
$conn = mysqli_connect($servername, $username, $password, $dbname) or die("Connection failed: " . mysqli_connect_error());
/* Database connection end */
// storing request (ie, get/post) global array to a variable
$requestData= $_REQUEST;
$columns = array(
// datatable column index => database column name
0 =>'type',
1 => 'country',
2 => 'information',
3 => 'seller',
4 => 'price'
);
// getting total number records without any search
$sql = "SELECT type, country, information, seller, price ";
$sql.=" FROM accounts WHERE type2='1'";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalData = mysqli_num_rows($query);
$totalFiltered = $totalData; // when there is no search parameter then total number rows = total number filtered rows.
$sql = "SELECT type, country, information, seller, price ";
$sql.=" FROM accounts WHERE type2='1' AND 1=1";
if( !empty($requestData['search']['value']) ) { // if there is a search parameter, $requestData['search']['value'] contains search parameter
$sql.=" AND ( type LIKE '".$requestData['search']['value']."%' ";
$sql.=" OR country LIKE '".$requestData['search']['value']."%' ";
$sql.=" OR information LIKE '".$requestData['search']['value']."%' )";
$sql.=" OR seller LIKE '".$requestData['search']['value']."%' )";
}
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalFiltered = mysqli_num_rows($query); // when there is a search parameter then we have to modify total number filtered rows as per search result.
$sql.=" ORDER BY ". $columns[$requestData['order'][0]['column']]." ".$requestData['order'][0]['dir']." LIMIT ".$requestData['start']." ,".$requestData['length']." ";
/* $requestData['order'][0]['column'] contains colmun index, $requestData['order'][0]['dir'] contains order such as asc/desc */
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$data = array();
while( $row=mysqli_fetch_array($query) ) { // preparing an array
$nestedData=array();
$nestedData[] = $row["type"];
$nestedData[] = $row["country"];
$nestedData[] = $row["information"];
$nestedData[] = $row["seller"];
$nestedData[] = $row["price"];
$data[] = $nestedData;
}
$json_data = array(
"draw" => intval( $requestData['draw'] ), // for every request/draw by clientside , they send a number as a parameter, when they recieve a response/data they first check the draw number, so we are sending same number in draw.
"recordsTotal" => intval( $totalData ), // total number of records
"recordsFiltered" => intval( $totalFiltered ), // total number of records after searching, if there is no searching then totalFiltered = totalData
"data" => $data // total data array
);
echo json_encode($json_data); // send data as json format
?>
$requestData
没有开始键和顺序键,因此请使用isset()
或empty()
函数检查它们是否为空,然后仅使用它们
例如:
LIMIT " . (empty($requestData['start']) ?
'whatever you want to put default value' :
$requestData['start'])
$requestData
没有开始键和顺序键,因此请使用isset()
或empty()
函数检查它们是否为空,然后仅使用它们
例如:
LIMIT " . (empty($requestData['start']) ?
'whatever you want to put default value' :
$requestData['start'])
我看到SQL注入漏洞了吗?是的,我想是的。这是我从谷歌得到的代码。请始终以文本而不是图像的形式发布错误。如果下次登录时可以替换上面的内容,那就太好了。您将看到这个问题以前在“相关”侧栏()中被问过。我看到SQL注入漏洞了吗?是的,我想是的。这是我从谷歌得到的代码。请始终以文本而不是图像的形式发布错误。如果下次登录时可以替换上面的内容,那就太好了。您将在“相关”侧栏()中看到以前有人问过这个问题。