我想使用PHP和ajax调用函数从我的数据库中选择数据。 在select函数中,我使用了textbox
中的$ _POST。我在我的页面上创建了一个PHP和ajax调用函数,但有些错误。我使用isset[]
来检查我从textbox
获得的$_POST
数据。我在那里使用if
条件 - 当$_POST
为空时,它将选择所有没有where子句的数据,并且当特定的$_POST
有值时,它将选择数据和a where子句。
这里的问题是,当我使用我的textbox
中的数据将字符串呈现给我的PHP $_POST
时,我的PHP中的else条件无法运行。
这是我的代码,我使用:
的JavaScript/jQuery的:
$(document).ready(function(e) {
var data = $("#report_all").serialize();
$('#all_report thead').empty();
$('#all_report tbody').empty();
$.ajax({
data: data,
type: "Post",
url: "../php/report/report_all_wjm.php",
success: function(data){
var list = JSON.parse(data);
var th = "";
th += "<th>"+"<center>"+'No'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Storage Location'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Kode Material'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Nama Material'+"</center>"+"</th>";
th += "<th>"+"<center>"+'No.Polisi'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Id Identifier'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Date'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Netto'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Uses'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Unit'+"</center>"+"</th>";
th += "<th>"+"<center>"+'Payroll'+"</center>"+"</th>";
th += "</th>";
$("#all_report thead").append(th);
for(var i = 0; i < list.length; i++){
var tr = "<tr>";
tr += "<td>" +(i+1)+"</td>";
tr += "<td>" +list[i]['sloc']+"</td>";
tr += "<td>" +list[i]['kode']+"</td>";
tr += "<td>" +list[i]['nama']+"</td>";
tr += "<td>" +list[i]['no_pol']+"</td>";
tr += "<td>" +list[i]['id']+"</td>";
tr += "<td>" +list[i]['date']+"</td>";
tr += "<td>" +list[i]['netto']+"</td>";
tr += "<td>" +list[i]['uses']+"</td>";
tr += "<td>" +list[i]['unit']+"</td>";
tr += "<td>" +list[i]['payroll']+"</td>";
tr += "</tr>";
$("#all_report tbody").append(tr);
$("#all_report").show();
}
return false;
}
});
});
PHP:
<?php
include("../../Connections/koneksi.php");
$date_awal=$_POST['date_start'];
$date_akhir=$_POST['date_end'];
$kode=$_POST['kode_mat'];
$kode1=$_POST['kode_mat1'];
$sloc=$_POST['s_loc'];
$sloc1=$_POST['s_loc1'];
$type=$_POST['get_type'];
//Display all data
if (isset($date_awal) == "" || isset($date_akhir) == "" || isset($sloc)== "" || isset($sloc1)== "" || isset($kode)== "" || isset($kode1)== "" || isset($type)== ""){
$sql = "SELECT * FROM wjm ORDER by no asc";
$query = mysqli_query($db,$sql);
$rows = array();
while($tmp= mysqli_fetch_assoc($query)) {
$rows[] = $tmp;
}
}
//Display all data by one date
else {
// Data for Titik1
$sql = "SELECT * FROM wjm WHERE date='$date_awal' order by kode asc ";
$query = mysqli_query($db,$sql);
$rows = array();
while($tmp= mysqli_fetch_assoc($query)) {
$rows[] = $tmp;
}
echo json_encode($rows);
}
mysqli_close($db);
?>
您的代码易受[** SQL注入**](https://en.wikipedia.org/wiki/SQL_injection)攻击。您应该通过[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https ://secure.php.net/manual/en/pdo.prepared-statements.php)驱动程序。 [**这篇文章**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)有一些很好的例子。 –
@AlexHowansky嗯..让我问一些问题。是类似于'$ stmt-> execute'的任何语法,我不知道如何使用' - >'这个语法。我试着用' - >'来使用语法,并且在那里出现错误 –
我发现初学者被挂在PHP对象或PHP OOP上真的很奇怪,但他们很乐意在JavaScript中整天使用它。 –