【发布时间】:2023-04-11 12:11:01
【问题描述】:
大家新年快乐!
我有这个现有的 php 代码,当我第一次开始时,我想知道是否有办法使它成为 OOP,或者我是否应该找到另一种重新创建它的方法。欢迎所有意见。
<?php
require("local_php.inc");
DatabaseConnect();
//Variables to post to results.php
$keyword=$_POST['keyword'];
$location=$_POST['location'];
$type=$_POST['type'];
//Query
$q1 = "SELECT ssearch.id, ssearch.Company, ssearch.Address, ssearch_state.state_location, ssearch.City, ssearch.Zip, ssearch.Phone, ssearch.Description, ssearch.Email,
ssearch_event.Event_name FROM
(ssearch LEFT OUTER JOIN ssearch_state ON ssearch.State = ssearch_state.id)
LEFT OUTER JOIN ssearch_event ON ssearch.Event_id = ssearch_event.id
WHERE ssearch.Company LIKE '%$keyword%'";
if($location != "all")
{
$q1 .= "AND ssearch_state.state_location ='$location' ";
}
if($type != "all")
{
$q1 .= "AND ssearch_event.Event_name ='$type' ";
}
$q1 .= "ORDER BY ssearch.Company DESC LIMIT 0, 3;";
$result = mysql_query($q1);
$q1_total_rows = mysql_num_rows($result);
?>
<div id="content">
<?php if($q1_total_rows >= 1) { ?>
<?php while ($record = mysql_fetch_assoc($result)) { ?>
<div id="table">
<table width="379" height="64" border="0" align="left" bordercolor="#FFFF00" bgcolor="#FEFFD5">
<tr>
<td width="187"><p align="center" class="contentfontsmallsearch"><a href="display.php?ID=<?php echo $record["id"];?>"><?php echo $record["Company"];?></a></p></td>
<td width="182"><p align="center" class="contentfontsmallsearch"><?php echo $record["Event_name"];?></p></td>
</tr>
<tr>
<td><p align="center" class="contentfontsmallsearch"><?php echo $record["state_location"];?></p></td>
<td><p align="center" class="contentfontsmallsearch"><?php echo $record["Description"];?></p></td>
<tr>
</table>
</div>
<?php } ?>
<? } else { ?>
<div id="table2">
<h3 align="center" class="noresults">No Results</h3><br />
<p align="center" class="contentfontsmallsearch">Please Try your Search Again</p><br />
<form action="results.php" method="post" name="myform" id="myform">
<table width="379" height="190" border="0" align="left" bordercolor="#FFFF00" bgcolor="#FEFFD5">
<tr>
<td width="143"><p align="center" class="contentfontsmallsearch">Keyword</p></td>
<td width="226">
<label>
<input name="keyword" type="text" id="keyword" size="30" />
</label>
</td>
</tr>
<tr>
<td><p align="center" class="contentfontsmallsearch">Location</p></td>
<td>
<select name="location">
<option value="all" selected="selected">All Locations</option>
<option value="Pennsylvania">Pennsylvania</option>
<option value="New Jersey">New Jersey</option>
<option value="Delaware">Delaware</option>
</select>
</td>
<tr>
<td width="143"><p align="center" class="contentfontsmallsearch">Event Type </p></td>
<td>
<select name="type">
<option value="all" selected="selected">All Events</option>
<option value="Rally Event">Rally Event</option>
<option value="Awareness Event">Awareness Event</option>
<option value="Donation Event">Donation Event</option>
</select>
</td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit2" value="Search" /></td>
</tr>
</table>
</form>
</div>
<? } ?>
</div>
【问题讨论】:
-
你想要重写它的迫切原因是什么?
-
你应该紧急修复的一件事是SQL injection vulnerability
-
第一步,放弃使用mysql_*函数,mysqli_*同时支持procedural & OO
-
@Pekka 我只是觉得它看起来太初学者了。另外,这是我在了解 SQL 注入之前在大学时所做的事情。