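First of all, I am aware of SQL injection, so there is no need to comment on it. This form will never be connected to the Internet and only 2 people will use it.
Now, my problem is that I have been using the code below for a few weeks and it works fine: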
<?php
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." ORDER BY id " ;
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
while ($row = mysql_fetch_assoc($sql_result)) {
}
?>
<input type="submit" name="button" id="table_button" value="Search" style="width: 45px" />
<a href="search_football.php">Reset</a> </div>
</form></fieldset>
<br /><br />
<fieldset style="width: 725px"><legend>Search Results</legend>
<?php
// Define $color=1
$color="1";
echo '<table width="100%" border="1" align="center" cellpadding="0" cellspacing="0">';
echo '<th>ID</th><th>Division</th><th>Club</th><th>Roster Number</th><th>Last Name</th><th>First Name</th><th>Registered</th><th>Payment</th><th>View Player</th><th>Edit Player</th><th>Check Out</th><th>Check In</th><th>Make Badge</th><th>Delete</th>';
if ($_REQUEST["club"]<>'') {
$search_club = " AND club='".mysql_real_escape_string($_REQUEST["club"])."'";
}
if ($_REQUEST["division"]<>'') {
$search_division = " AND division='".mysql_real_escape_string($_REQUEST["division"])."'";
}
if ($_REQUEST["lname"]<>'') {
$search_lname = " AND lname='".mysql_real_escape_string($_REQUEST["lname"])."'";
}
if ($_REQUEST["club"]<>'' and $_REQUEST["division"]<>'' and $_REQUEST["lname"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE club = '".mysql_real_escape_string($_REQUEST["club"])."' AND division = '".mysql_real_escape_string($_REQUEST["division"])."' AND lname = '".mysql_real_escape_string($_REQUEST["lname"])."'".$search_club.$search_division.$search_lname;
} else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0".$search_club.$search_division.$search_lname;
}
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
while ($row = mysql_fetch_assoc($sql_result)) {
// If $color==1 table row color = #C6E7F7
if($color==1){
echo "<tr bgcolor='#C6E7F7'>
<td><center>".$row['id']."</center></td><td><center>".$row['division']."</center></td><td><center>".$row['club']."</center></td><td><center>".$row['roster_number']."</center></td><td><center>".$row['lname']."</center></td><td><center>".$row['fname']."</center></td><td><center>".$row['registered']."</center></td><td><center>".$row['pay_status']."</center></td><td><center><a href=player_verification.php?id=$row[id]><img src=images/icons/view.png height='30' width='30' border='0'/></center></td><td><center><a href=edit_player.php?id=$row[id]><img src=images/icons/edit.png height='25' width='25' border='0'/></center></td><td><center><a href=equipment_checkout.php?id=$row[id]><img src=images/icons/out-icon.png height='30' width='30' border='0'/></center></td><td><center><a href=equipment_checkin.php?id=$row[id]><img src=images/icons/checkin.png height='30' width='30' border='0'/></center></td><td><center><a href=make_badge.php?id=$row[id]><img src=images/icons/badge.png height='30' width='30' border='0'/></center></td><td><center><a href=delete.php?id=$row[id]><img src=images/icons/delete.gif height='20' width='20' border='0'/></center></td></tr>";
// Set $color==2, for switching to other color
$color="2";
}
// When $color not equal 1, use this table row color
else {
echo "<tr bgcolor='#FFFFFF'>
<td><center>".$row['id']."</center></td><td><center>".$row['division']."</center></td><td><center>".$row['club']."</center></td><td><center>".$row['roster_number']."</center></td><td><center>".$row['lname']."</center></td><td><center>".$row['fname']."</center></td><td><center>".$row['registered']."</center></td><td><center>".$row['pay_status']."</center></td><td><center><a href=player_verification.php?id=$row[id]><img src=images/icons/view.png height='30' width='30' border='0'/></center></td><td><center><a href=edit_player.php?id=$row[id]><img src=images/icons/edit.png height='25' width='25' border='0'/></center></td><td><center><a href=equipment_checkout.php?id=$row[id]><img src=images/icons/out-icon.png height='30' width='30' border='0'/></center></td><td><center><a href=equipment_checkin.php?id=$row[id]><img src=images/icons/checkin.png height='30' width='30' border='0'/></center></td><td><center><a href=make_badge.php?id=$row[id]><img src=images/icons/badge.png height='30' width='30' border='0'/></center></td><td><center><a href=delete.php?id=$row[id]><img src=images/icons/delete.gif height='20' width='20' border='0'/></center></td></tr>";
// Set $color back to 1
$color="1";
}
}
} else {
?>
Then I decided to change it to add a jQuery plugin for pagination. Now I am using this:
<?php
include 'elite-banner.php';
$con = mysql_connect("localhost", "root", "xxx");
if (!$con) {
die("Error: " . mysql_error());
}
mysql_select_db("xxx", $con);
$result = mysql_query("SELECT * FROM players WHERE ID = id");
?>
<br/>
<!DOCTYPE html>
<html>
<head>
<title>DataTables</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script src="media/js/jquery.js" type="text/javascript"></script>
<script src="media/js/jquery.dataTables.js" type="text/javascript"></script>
<style type="text/css">
@import "media/css/demo_table_jui.css";
@import "media/themes/smoothness/jquery-ui-1.8.4.custom.css";
*{
font-family: arial;
}
#holder {
margin:auto;
}
.auto-style1 {
border-left: 1px solid #C0C0C0;
font-family: "Courier New", Courier, monospace;
}
.auto-style2 {
text-align: center;
border-right-style: solid;
border-right-width: 1px;
border-right-color:#C0C0C0
}
.auto-style3 {
font-family: "Agency FB";
}
.auto-style4 {
font-family: "Courier New", Courier, monospace;
}
.auto-style5 {
text-align: center;
font-family: "Courier New", Courier, monospace;
}
tr:hover {
background-color:#99FF99;
}
</style>
<script type="text/javascript" charset="utf-8">
$(document).ready(function(){
$('#datatables').dataTable({
"sPaginationType":"full_numbers",
"aaSorting":[[2, "desc"]],
"bJQueryUI":true
});
})
</script>
<?php
include 'menu.php';
?>
</head>
<body>
<div id="holder" style="width:70%;">
<div>
<table id="datatables" class="display">
<thead>
<tr>
<th style="width: 22px" class="auto-style3">Div</th>
<th style="width: 180px" class="auto-style3">Club</th>
<th style="width: 125px" class="auto-style3">Last Name</th>
<th style="width: 129px" class="auto-style3">First Name</th>
<th style="width: 50px" class="auto-style3">Number</th>
<th style="width: 40px" class="auto-style3">View </th>
<th style="width: 40px" class="auto-style3">Edit </th>
<th style="width: 40px" class="auto-style3">Out</th>
<th style="width: 40px" class="auto-style3">In</th>
<th style="width: 40px" class="auto-style3">Badge</th>
<th style="width: 40px" class="auto-style3">Delete</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysql_fetch_array($result)) {
?>
<tr>
<td class="auto-style1" style="width: 22px"><?=$row[division]?></td>
<td class="auto-style5" style="width: 180px"><?=$row[club]?></td>
<td class="auto-style5" style="width: 125px"><?=$row[lname]?></td>
<td class="auto-style5" style="width: 129px"><?=$row[fname]?></td>
<td class="auto-style5" style="width: 50px"><?=$row[roster_number]?></td>
<td class="dataTables_empty" style="width: 40px"><a href=player_verification.php?id=$row[id]>
<img src="images/icons/view.png" height="30" width="30" border="0" class="auto-style4"/></a></td>
<td class="dataTables_empty" style="width: 40px"><a href=edit_player.php?id=$row[id]>
<img src="images/edit.png" height="30" width="30" border="0" class="auto-style4"/></a></td>
<td class="dataTables_empty" style="width: 40px"><a href=check_out.php?id=$row[id]>
<img src="images/checkout.png" height="30" width="30" border="0" class="auto-style4"/></a></td>
<td class="dataTables_empty" style="width: 40px"><a href=check_in.php?id=$row[id]>
<img src="images/checkin.png" height="40" width="40" border="0" class="auto-style4"/></a></td>
<td class="dataTables_empty" style="width: 40px"><a href=make_badge.php?id=$row[id]>
<img src="images/badge.png" height="40" width="40" border="0" class="auto-style4"/></a></td>
<td class="auto-style2" style="width: 40px"><a href=delete.php?id=$row[id]>
<img src="images/delete.gif" height="30" width="30" border="0" class="auto-style4"/></a></td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
</div>
</body>
My problem is that when I click any of the links in the search results, the ID is not passed to the next page, and the URL shows this:
http://localhost/fb/player_verification.php?id=$row[id]
instead of this:
http://localhost/fb/player_verification.php?id=139
as it did before. What am I doing wrong?
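The difference between the two scripts above, as an added example that is not part of the original post: text inside a double-quoted echo string is interpolated by PHP, while text outside the PHP tags is sent to the browser verbatim. The $row data and the action_link() helper are constructed for illustration; the third form also URL-encodes the id and HTML-escapes every value written into the page.

```php
<?php
// Constructed sample row standing in for one mysql_fetch_array() result.
$row = array('id' => 139, 'lname' => "O'Brien <b>", 'club' => 'Eagles');

// Hypothetical helper (not from the original post): builds an action link
// with the id URL-encoded and the attribute value quoted and HTML-escaped.
function action_link($page, $id, $label)
{
    $href = $page . '?id=' . rawurlencode((string) $id);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}
?>
<table>
<tr>
<!-- 1. Outside the PHP tags: plain HTML, so $row[id] reaches the browser as literal text. -->
<td><a href=player_verification.php?id=$row[id]>view (literal)</a></td>

<!-- 2. Inside echo "...": PHP interpolates $row[id], which is what the first script relied on. -->
<?php echo "<td><a href=player_verification.php?id=$row[id]>view (interpolated)</a></td>\n"; ?>

<!-- 3. Template style: print the value explicitly, encoded and inside a quoted attribute. -->
<td><?= action_link('player_verification.php', $row['id'], 'view (encoded)') ?></td>

<!-- Cell text is escaped too, so a stored value containing markup is shown as text. -->
<td><?= htmlspecialchars($row['lname'], ENT_QUOTES, 'UTF-8') ?></td>
<td><?= htmlspecialchars($row['club'], ENT_QUOTES, 'UTF-8') ?></td>
</tr>
</table>
```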