abstract:<!-- php --> <?php header("Content-type:text/html;charset=utf-8"); $id=isset($_GET['id'])?$_GET['id']:''; $user=isset($_GET['user'])?$_GET
<!-- php -->
<?php
header("Content-type:text/html;charset=utf-8");
$id=isset($_GET['id'])?$_GET['id']:'';
$user=isset($_GET['user'])?$_GET['user']:'';
$name=isset($_GET['name'])?$_GET['name']:'';
$netname=isset($_GET['netname'])?$_GET['netname']:'';
$pwd=isset($_GET['pwd'])?$_GET['pwd']:'';
$gender=isset($_GET['gender'])?$_GET['gender']:'';
$status=isset($_GET['status'])?$_GET['status']:1;
$time=isset($_GET['time'])?$_GET['time']:time();
echo $pwd;
// 创建PDO连接
$type='mysql';
$host='127.0.0.1';
$dbname='phpstudy';
$charset='utf8';
$dsn="$type:host=$host;dbname=$dbname;charset=$charset";
$dbuser='root';
$dbpwd='';
$pdo=new PDO($dsn,$dbuser,$dbpwd);
// PDO预处理方法
// $sql="insert into phpstudy ('user', 'name', 'password', 'time', 'gender', 'netname', 'status') values (:user,:name,:pwd,:time,:gender,:netname,:status)";
// 增加sql
$sql_insert="INSERT INTO `phpstudy` (`user`, `name`, `password`, `time`, `gender`, `netname`, `status`) VALUES (:user,:name,:pwd,:time,:gender,:netname,:status)";
// 查询
$sql_select="select * from `phpstudy`";
// 修改sql
$sql_updata="UPDATE `phpstudy` SET `user`=:user, `name`=:name, `password`=:pwd, `time`=:time, `gender`=:gender, `netname`=:netname, `status`=:status WHERE (`id`=:id);";
// 删除sql
$sql_delete="DELETE FROM `phpstudy` WHERE (`id`=:id)";
// 查询预处理
$stmt=$pdo->prepare($sql_select);
// 设置解析规则
$stmt->setFetchMode(PDO::FETCH_ASSOC);
// 查询操作
if($stmt->execute()){
$rows=$stmt->fetchAll();
}else{
exit(print_r($stmt->errorInfo()));
}
// 添加操作,没有id,只有user
if($user && !$id){
$stmt=$pdo->prepare($sql_insert);
// 参数绑定
$stmt->bindParam('user',$user);
$stmt->bindParam('name',$name);
$stmt->bindParam('pwd',$pwd);
$stmt->bindParam('time',$time);
$stmt->bindParam('gender',$gender);
$stmt->bindParam('netname',$netname);
$stmt->bindParam('status',$status);
bind($stmt,'添加');
}
// 修改操作,既有id,又有user
if($user && $id){
$stmt=$pdo->prepare($sql_updata);
// 参数绑定
$stmt->bindParam('id',$id);
$stmt->bindParam('user',$user);
$stmt->bindParam('name',$name);
$stmt->bindParam('pwd',$pwd);
$stmt->bindParam('time',$time);
$stmt->bindParam('gender',$gender);
$stmt->bindParam('netname',$netname);
$stmt->bindParam('status',$status);
bind($stmt,'修改');
}
// 删除操作,只有id,没有user
if(!$user && $id){
$stmt=$pdo->prepare($sql_delete);
// 参数绑定
$stmt->bindParam('id',$id);
bind($stmt,'删除');
}
// 执行
function bind($stmt,$str){
if($stmt->execute()){
echo '成功'.$str.'了'.$stmt->rowCount().'条数据<br>';
}else{
exit(print_r($stmt->errorInfo()));
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>员工管理表</title>
<style>
table{
border-collapse:collapse;
text-align:center;
margin:0 auto;
}
#add{
text-align:right;
}
input:not([type="radio"]){
width:300px;
border-radius:5px;
height:25px;
border:1px solid #666;
}
#add .gender{
text-align:left;
}
input:focus{
outline:0;
border-color:#b28;
}
#add button{
display: inline-block;
width:300px;
height: 38px;
line-height: 38px;
background-color: #009688;
color: #fff;
white-space: nowrap;
text-align: center;
font-size: 14px;
border: none;
border-radius: 5px;
cursor: pointer;
}
td{
min-width:70px;
}
#emp i{
font-style:normal;
border:1px solid #ddd;
display: inline-block;
height: 25px;
line-height: 25px;
padding:0 15px;
background-color: #009688;
color: #fff;
white-space: nowrap;
text-align: center;
font-size: 14px;
border: none;
border-radius: 5px;
cursor: pointer;
}
#emp .danger{
background-color: #FF5722;
}
.hidden{
display:none;
}
#emp input{
width:auto;
}
#emp .disabled{
text-align: center;
border: 0;
background: #fff;
color: #000;
}
</style>
</head>
<body>
<form method='get'>
<table id='add'>
<caption>新增员工信息</caption>
<tr>
<td>用户名:</td>
<td>
<input type="text" name='user' required>
</td>
</tr>
<tr>
<td>真实姓名:</td>
<td>
<input type="text" name='name' required>
</td>
</tr>
<tr>
<td>网名:</td>
<td>
<input type="text" name='netname' required>
</td>
</tr>
<tr>
<td>密码:</td>
<td>
<input type="text" name='pwd' required>
</td>
</tr>
<tr>
<td>性别:</td>
<td class='gender'>
男<input type="radio" name='gender' value='1' required>
女<input type="radio" name='gender' value='0' required>
</td>
</tr>
<tr>
<td></td>
<td><button type='submit'>提交</button></td>
</tr>
</table>
</form>
<hr>
<table border='1' id='emp'>
<caption>员工信息管理表</caption>
<tr>
<th>序号</th>
<th>账号</th>
<th>姓名</th>
<th>网名</th>
<th>密码</th>
<th>性别</th>
<th>创建时间</th>
<th>状态</th>
<th>操作</th>
</tr>
<?php $index=1; foreach($rows as $row) :?>
<tr>
<td><?php echo $index?></td>
<td><input class='disabled' name='user' disabled='disabled' type="text" value="<?php echo $row['user']?>"></td>
<td><input class='disabled' name='name' disabled='disabled' type="text" value="<?php echo $row['name']?>"></td>
<td><input class='disabled' name='netname' disabled='disabled' type="text" value="<?php echo $row['netname']?>"></td>
<td><input class='disabled' name='pwd' disabled='disabled' type="text" value="<?php echo $row['password']?>"></td>
<td><input class='disabled' name='gender' disabled='disabled' type="text" value="<?php echo $row['gender']?'男':'女'?>"></td>
<td><input class='disabled' name='time' disabled='disabled' type="text" value="<?php echo date('Y/m/d',$row['time'])?>"></td>
<td><input class='disabled' name='status' disabled='disabled' type="text" value="<?php echo $row['status']?'正常':'禁用'?>"></td>
<td>
<i data-num='<?php echo $row['id']?>' onclick='alert(event)'>修改</i>
<i data-num='<?php echo $row['id']?>' onclick='delet(event)'>删除</i>
</td>
</tr>
<?php $index++; endforeach?>
</table>
<hr>
<script>
var showEmp=document.getElementById('showEmp');
function alert(event){
var deleteInner=event.target.nextSibling.nextSibling;
if(event.target.innerHTML=='修改'){
event.target.innerHTML='提交';
deleteInner.innerHTML='取消';
event.target.className='danger';
// 解除input
var td=event.target.parentNode.parentNode.children;
for(var i=0;i<td.length;i++){
if(td[i].children[0] && td[i].children[0].nodeName=='INPUT'){
td[i].children[0].className='';
td[i].children[0].disabled=false;
}
}
}else if(event.target.innerHTML=='提交'){
console.log('修改本行的内容');
var td=event.target.parentNode.parentNode.children;
var str='id='+event.target.dataset.num;
for(var i=0;i<td.length;i++){
if(td[i].children[0] && td[i].children[0].nodeName=='INPUT'){
// console.log(td[i].children[0].name,td[i].children[0].value);
if(td[i].children[0].name=='gender'){
td[i].children[0].value=='男'?str+='&gengder=1':str+='&gengder=0';
}else if(td[i].children[0].name=='time'){
var date=new Date(td[i].children[0].value);
str+='&time='+date.getTime();
}else if(td[i].children[0].name=='status'){
td[i].children[0].value=='正常'?str+='&gengder=1':str+='&gengder=0'
}else{
str+='&'+td[i].children[0].name+'='+td[i].children[0].value;
}
}
}
// console.log(str);
window.location.href="?"+str;
}else if(event.target.innerHTML=='确认'){
console.log('删除成功');
var num=event.target.dataset.num;
window.location.href="?id="+num;
}
}
function delet(event){
var updataButton=event.target.previousSibling.previousSibling;
if(event.target.innerHTML=='取消'){
updataButton.innerHTML='修改';
updataButton.className='';
event.target.innerHTML='删除';
// 将input禁用
console.log(event.target.parentNode.parentNode.children);
var td=event.target.parentNode.parentNode.children;
for(var i=0;i<td.length;i++){
console.log(td[i].children[0]);
if(td[i].children[0] && td[i].children[0].nodeName=='INPUT'){
td[i].children[0].className='disabled';
td[i].children[0].disabled=true;
}
}
}else{
updataButton.innerHTML='确认';
event.target.innerHTML='取消';
updataButton.className='danger';
}
var num=event.target.dataset.num;
}
</script>
</body>
</html>
我觉得PDO最大的优势的防注入sql代码,能保证数据的安全
Correcting teacher:查无此人Correction time:2018-12-21 14:36:07
Teacher's summary:做的不错,pdo确实可以防注入,说明你的水平已经不错了,继续加油。