【发布时间】:2016-12-25 17:37:28
【问题描述】:
我正在使用 DataTables,但它导致错误,我找不到错误所在。
我想使用服务器端处理,因为插入 11k Rows 后,它是滞后的。
我正在使用的代码:
<?php
/* Database connection start */
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "accounts";
$conn = mysqli_connect($servername, $username, $password, $dbname) or die("Connection failed: " . mysqli_connect_error());
/* Database connection end */
// storing request (ie, get/post) global array to a variable
$requestData= $_REQUEST;
$columns = array(
// datatable column index => database column name
0 =>'type',
1 => 'country',
2 => 'information',
3 => 'seller',
4 => 'price'
);
// getting total number records without any search
$sql = "SELECT type, country, information, seller, price ";
$sql.=" FROM accounts WHERE type2='1'";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalData = mysqli_num_rows($query);
$totalFiltered = $totalData; // when there is no search parameter then total number rows = total number filtered rows.
$sql = "SELECT type, country, information, seller, price ";
$sql.=" FROM accounts WHERE type2='1' AND 1=1";
if( !empty($requestData['search']['value']) ) { // if there is a search parameter, $requestData['search']['value'] contains search parameter
$sql.=" AND ( type LIKE '".$requestData['search']['value']."%' ";
$sql.=" OR country LIKE '".$requestData['search']['value']."%' ";
$sql.=" OR information LIKE '".$requestData['search']['value']."%' )";
$sql.=" OR seller LIKE '".$requestData['search']['value']."%' )";
}
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalFiltered = mysqli_num_rows($query); // when there is a search parameter then we have to modify total number filtered rows as per search result.
$sql.=" ORDER BY ". $columns[$requestData['order'][0]['column']]." ".$requestData['order'][0]['dir']." LIMIT ".$requestData['start']." ,".$requestData['length']." ";
/* $requestData['order'][0]['column'] contains colmun index, $requestData['order'][0]['dir'] contains order such as asc/desc */
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$data = array();
while( $row=mysqli_fetch_array($query) ) { // preparing an array
$nestedData=array();
$nestedData[] = $row["type"];
$nestedData[] = $row["country"];
$nestedData[] = $row["information"];
$nestedData[] = $row["seller"];
$nestedData[] = $row["price"];
$data[] = $nestedData;
}
$json_data = array(
"draw" => intval( $requestData['draw'] ), // for every request/draw by clientside , they send a number as a parameter, when they recieve a response/data they first check the draw number, so we are sending same number in draw.
"recordsTotal" => intval( $totalData ), // total number of records
"recordsFiltered" => intval( $totalFiltered ), // total number of records after searching, if there is no searching then totalFiltered = totalData
"data" => $data // total data array
);
echo json_encode($json_data); // send data as json format
?>
我没有找到任何解决方案。
PHP 文件中显示的错误
【问题讨论】:
-
我看到 SQL 注入漏洞了吗?
-
是的,我想是的。这是我从谷歌得到的这段代码。
-
请始终将您的错误发布为文本,而不是图像。如果下次登录时可以替换上述内容,那就太好了。您会在“相关”侧边栏 (for example, here) 中看到以前曾提出过这个问题。
标签: php mysql arrays sql-server datatables