0
私は今日これで本当に苦労しています。それが動作するように見えることはできません、それはnavbarで 'add-entry.php?go'にナビゲートするだけですが、グレーになってからindex.phpをモーダルでそのまま読み込みます。ブートストラップでモーダルフォームを使用してデータベースにデータを追加する
ここに私のhtmlがあり、フォームとjavascriptのフィルタ入力を含みます。
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>ProSys Component Lookup</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="favicon.ico">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://code.jquery.com/jquery-3.1.1.slim.min.js" integrity="sha384-A7FZj7v+d/sdmMqp/nOQwliLvUsJfDHW+k9Omg/a/EheAdgtzNs3hpfag6Ed950n" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js" integrity="sha384-DztdAPBWPRXSA/3eYEEUWrWCy7G5KFbe8fFjk5JAIxUYHKkDx6Qin1DkWx51bBrb" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <!--Custom CSS -->
<link rel="stylesheet" href="css/main.css">
</head>
<body>
<!-- Wrapper -->
<div class="container-fluid">
<div class="col-xs-12">
<div class="col-xs-12">
<!-- Header -->
<div class="page-header">
<h1><a href="index.php">ProSys Component Lookup</a></h1><br>
</div>
<!-- Main table content -->
<div class="container-fluid">
<button type="button" class="btn btn-primary btn-block" data-toggle="modal" data-target="#myModal">Add New Item</button><br>
<div class="modal fade" role="dialog" id="myModal">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Add New Item</h4>
</div>
<div class="modal-body">
<form method="post" action="add-entry.php?go" role="form">
<div class="form-group">
<label for="location">Location:</label>
<input type="text" class="form-control" name="location">
</div>
<div class="form-group">
<label for="category">Category:</label>
<select class="form-control" name="category">
<option>Processor</option>
<option>Diode</option>
<option>Fuse</option>
<option>Regulator</option>
<option>Capacitor</option>
<option>Inductor</option>
<option>LED</option>
<option>Gate</option>
<option>Modem</option>
<option>Transceiver</option>
<option>Thermistor</option>
<option>Load Switch</option>
<option>Op Amp</option>
<option>Optocoupler</option>
<option>Line Driver</option>
<option>ESD Protection</option>
<option>ADC</option>
<option>RTC</option>
</select>
</div>
<div class="form-group">
<label for="manufacturer">Manufacturer:</label>
<input type="text" class="form-control" name="manufacturer">
</div>
<div class="form-group">
<label for="description">Description:</label>
<textarea type="text" class="form-control" name="description" rows="5"></textarea>
</div>
<div class="form-group">
<label for="packagesize">PackageSize:</label>
<input type="text" class="form-control" name="packagesize">
</div>
<div class="form-group">
<label for="category">Supplier:</label>
<select class="form-control" name="supplier">
<option>Farnell</option>
<option>RS</option>
<option>Rapid</option>
</select>
</div>
<div class="form-group">
<label for="suppliernumber">Supplier Number:</label>
<input type="text" class="form-control" name="suppliernumber">
</div>
<div class="form-group">
<label for="stock">Stock:</label>
<input type="text" class="form-control" name="stock">
</div>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-default">Add</button>
</div>
</form>
</div>
</div>
</div>
</div>
<!-- Search box -->
<div class="col-md-3">
<form class="styled">
<input type="text" class="form-control" onkeyup="myFunctionOne()" id="myInput" placeholder="Search..">
</form><br>
</div>
<div class="panel">
<div class="panel-body">
<div class="row">
<div class="col-xs-12">
<table class="table table-hover" id="table_demo">
<thead>
<tr>
<th>Location</th>
<th>Manufacturer</th>
<th>Description</th>
<th>PackageSize</th>
<th>Supplier</th>
<th>SupplierNumber</th>
<th>Stock</th>
</tr>
</thead>
<tbody id="myTable">
<tr>
<!-- Database connect and display as table -->
<?php
include("dbconnect.php");
$result = mysql_query("SELECT DrawLocation, Manufacturer, Description, PackageSize, Supplier, SupplierNumber, Stock FROM complibrary");
while($complibrary = mysql_fetch_array($result))
{
echo"<td>".$complibrary['DrawLocation']."</td>";
echo"<td>".$complibrary['Manufacturer']."</td>";
echo"<td>".$complibrary['Description']."</td>";
echo"<td>".$complibrary['PackageSize']."</td>";
echo"<td>".$complibrary['Supplier']."</a></td>";
//IF statement adds in links for web search via SupplierNumber
if ($complibrary['Supplier'] == 'Farnell') {
echo"<td><a target='_blank' href='http://uk.farnell.com/search?st=".$complibrary['SupplierNumber']."'>".$complibrary['SupplierNumber']."</a></td>";
} elseif ($complibrary['Supplier'] == 'RS') {
echo"<td><a target='_blank' href='http://uk.rs-online.com/web/c/?sra=oss&r=t&searchTerm=".$complibrary['SupplierNumber']."'>".$complibrary['SupplierNumber']."</a></td>";
} elseif ($complibrary['Supplier'] == 'Rapid') {
echo"<td><a target='_blank' href='https://www.rapidonline.com/Catalogue/Search?query=".$complibrary['SupplierNumber']."'>".$complibrary['SupplierNumber']."</a></td>";
} else {
echo"<td>".$complibrary['SupplierNumber']."</td>";
}
//IF statement end
echo"<td>".$complibrary['Stock']."</td>";
echo "</tr>";
}
mysql_close($conn);
?>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
<!-- Latest jQuery -->
<script src="https://code.jquery.com/jquery-1.11.3.min.js"></script>
<script src="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js"></script>
<!-- Filtering script -->
<script>
function myFunctionOne() {
var input, filter, table, tr, td, i;
input = document.getElementById("myInput");
filter = input.value.toUpperCase();
table = document.getElementById("myTable");
tr = table.getElementsByTagName("tr");
for (i = 0; i < tr.length; i++) {
td = tr[i].getElementsByTagName("td")[2];
if (td) {
if (td.innerHTML.toUpperCase().indexOf(filter) > -1) {
tr[i].style.display = "";
} else {
tr[i].style.display = "none";
}
}
}
}
</script>
</html>
そして、ここに私のアドオンentry.phpは
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<?php
if (isset($_POST['location'])){
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "componentlookup";
$conn = mysql_connect($hostname, $username, $password);
if (!$conn) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db($dbname, $conn);
$location = $_POST['location'];
$category = $_POST['category'];
$manufacturer = $_POST['manufacturer'];
$description = $_POST['description'];
$packagesize = $_POST['packagesize'];
$supplier = $_POST['supplier'];
$suppliernumber = $_POST['suppliernumber'];
$stock = $_POST['stock'];
$query = mysql_query("INSERT INTO 'complibrary' (ID, DrawLocation, Category, Manufacturer, Description, PackageSize, Supplier, SupplierNumber, Stock) VALUES ('NULL', '$location', '$category', '$manufacturer', '$description', '$packagesize', '$supplier', '$suppliernumber', '$stock')");
echo "Item added sucessfully. Click <a href='index.php'>HERE</a> to go back.";
mysql_close($conn);
}
?>
</body>
</html>
だ任意のアイデア?
あなたのコードは[** SQLインジェクション**](https://en.wikipedia.org/wiki/SQL_injection)攻撃の脆弱性があります。あなたは[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)または[** PDO **](https ://secure.php.net/manual/en/pdo.prepared-statements.php)ドライバ。 [**この記事**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)には、いくつかの良い例があります。 –
mysql_ *関数を使用しないでください。それらはv5.5(2013年6月)から廃止され、v7.0(2015年12月)以降削除されました。代わりに[** mysqli _ ***](https://secure.php.net/manual/en/book.mysqli.php)または[** PDO **](https://secure.php.net/** ** prepared statements **](https://secure.php.net/manual/en/pdo.prepare.php)と[**バインドされたパラメータ** ](https://secure.php.net/manual/en/pdostatement.bindparam.php)。 –
あなたのコメントをお寄せいただきありがとうございます。SQLインジェクションは実際には内部的にしか使用できないため、実際には私の同僚のスペアコンポーネントを追跡するためのものです。 私はmysqliにアップデートしますが、これは私が抱えている問題を修正するでしょうか? –