HTML onload=submit, not submitting


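I added an onload function to my PHP site to submit the form, because when I first open the page it does not show any table and I have to press the search button to load it. After that it works fine. But when I use the onload function, it shows the table when the page opens, but it keeps resubmitting the form non-stop.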

<body onload="document.search1.submit()">
<form name="search1" id="search1" action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
From: <input type="date" id="fdate" name="fdate" value="<?php echo  $date_from; ?>" max="00/00/0000" />
Until: <input type="date" id="edate" name="edate" value="<?php echo $date_to; ?>" max="00/00/0000" />
<input type="submit" value="Search">
</form>

This is the submit function.

<?php
if(!empty($_POST['fdate'])) {
$date_from = $_POST['fdate'];
} else {
$date_from = date('Y-m-d',strtotime("-1 days"));
}

if(!empty($_POST['edate'])) {
$date_to = $_POST['edate'];
} else {
$date_to = date('Y-m-d',strtotime("-1 days"));
}
$fdate = $_POST['fdate'];   
$edate = $_POST['edate'];   
$sql = "select 
date_format(entries.Date,'%d/%M/%Y') AS 'Date',
user.Name,user.company AS Company,
user.department AS Department,
min(time_format(entries.Date,'%H:%i:%s')) AS 'Start Time',
IF( max(time_format(entries.Date,'%H:%i:%s'))> min(time_format(entries.Date,'%H:%i:%s')), max(time_format(entries.Date,'%H:%i:%s')),'') AS 'Finish Time',
IF(timediff(max(entries.Date),min(entries.Date)) > '00:00:00', timediff(max(entries.Date),min(entries.Date)), '')  AS 'Work Time' 

from (entries join user on(entries.emp_id = user.emp_id)) 
where date_format(entries.Date,'%Y-%m-%d') between '".$fdate."' and '".$edate."'
group by date_format(entries.Date,'%d-%m-%Y'),user.Name 
order by Date desc";
?>

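If you remove onload="document.search1.submit()" and tweak the PHP slightly, the SQL should run on the first load. I think the problem with the code above is that it relies on the $_POST variables being set: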

$fdate = $_POST['fdate'];   
$edate = $_POST['edate'];

If there is no posted data these will be empty, so the query will not run, so modify it to:

if( !empty( $_POST['fdate'] ) ) {
$date_from = $_POST['fdate'];
} else {
$date_from = date('Y-m-d',strtotime('-1 days'));
}

if(!empty($_POST['edate'])) {
$date_to = $_POST['edate'];
} else {
$date_to = date('Y-m-d',strtotime('-1 days'));
}
$fdate = $date_from;     # use the value determined by the `IF` logic
$edate = $date_to;       # use the value determined by the `IF` logic

If you use aliases for the table names, it can also make the SQL easier to read:

$sql = "select 
date_format( e.`Date`, '%d/%M/%Y' ) AS `Date`,
u.`Name`,
u.`company` AS `Company`,
u.`department` AS `Department`,
min( time_format( e.`Date`,'%H:%i:%s' ) ) AS `Start Time`,
IF( max( time_format( e.`Date`,'%H:%i:%s' ) ) > min( time_format( e.`Date`,'%H:%i:%s' ) ), max( time_format( e.`Date`,'%H:%i:%s' ) ),'') AS `Finish Time`,
IF( timediff( max( e.`Date`), min( e.`Date` ) ) > '00:00:00', timediff( max( e.`Date`), min( e.`Date` ) ), '')  AS `Work Time`

from entries e 
join user u on e.`emp_id` = u.`emp_id`

where date_format( e.`Date`,'%Y-%m-%d') between '{$fdate}' and '{$edate}'
group by date_format( e.`Date`,'%d-%m-%Y'), u.`Name` 
order by `Date` desc";

That said, it is still vulnerable to SQL injection, so you may want to use a prepared statement, perhaps something like this:

$sql = "select 
date_format( e.`Date`, '%d/%M/%Y' ) AS `Date`,
u.`Name`,
u.`company` AS `Company`,
u.`department` AS `Department`,
min( time_format( e.`Date`, '%H:%i:%s' ) ) AS `Start Time`,
IF( max( time_format( e.`Date`, '%H:%i:%s' ) ) > min( time_format( e.`Date`,'%H:%i:%s' ) ), max( time_format( e.`Date`,'%H:%i:%s' ) ),'') AS `Finish Time`,
IF( timediff( max( e.`Date`), min( e.`Date` ) ) > '00:00:00', timediff( max( e.`Date`), min( e.`Date` ) ), '')  AS `Work Time`

from entries e 
join user u on e.`emp_id` = u.`emp_id`

where date_format( e.`Date`,'%Y-%m-%d') between ? and ?
group by date_format( e.`Date`,'%d-%m-%Y'), u.`Name` 
order by `Date` desc";
$stmt=$conn->prepare( $sql );
$stmt->bind_param('ss',$fdate,$edate);
$stmt->execute();
$stmt->bind_result($date,$name,$company,$department,$start,$finish,$worktime);
while( $stmt->fetch() ){
echo $date,$name,$company,$department,$start,$finish,$worktime; # format output as appropriate!
}
$stmt->free_result();
$stmt->close();
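
Added example, not part of the original question or answer: the prepared statement stops the injection, but `fdate` and `edate` are also echoed back into the form's `value` attributes, so it helps to accept only real `Y-m-d` dates before they reach either place. The helper names `clean_date` and `date_range` and the sample requests are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): accept only a real
// calendar date in the Y-m-d form that <input type="date"> submits.
function clean_date(array $post, string $key, string $default): string
{
    $raw = $post[$key] ?? '';
    if (!is_string($raw)) {
        return $default;            // e.g. fdate[]=x arrives as an array
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects trailing text and overflow dates
    // such as 2024-02-31, which createFromFormat would roll forward.
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        return $default;
    }
    return $raw;
}

// Hypothetical helper: returns [from, to] with from <= to.
function date_range(array $post, string $default): array
{
    $from = clean_date($post, 'fdate', $default);
    $to   = clean_date($post, 'edate', $default);
    return strcmp($from, $to) <= 0 ? [$from, $to] : [$to, $from];
}

$yesterday = date('Y-m-d', strtotime('-1 days'));

// Constructed sample requests, standing in for $_POST.
$samples = [
    'first load, nothing posted' => [],
    'normal search'              => ['fdate' => '2024-03-01', 'edate' => '2024-03-07'],
    'reversed range'             => ['fdate' => '2024-03-07', 'edate' => '2024-03-01'],
    'not a calendar date'        => ['fdate' => '2024-02-31', 'edate' => '2024-02-31'],
    'quote-breaking input'       => ['fdate' => "2024-03-01' or '1'='1", 'edate' => '2024-03-07'],
    'array instead of string'    => ['fdate' => ['x'], 'edate' => '2024-03-07'],
];

foreach ($samples as $label => $post) {
    [$fdate, $edate] = date_range($post, $yesterday);
    // These two strings are what would go to $stmt->bind_param('ss', $fdate, $edate).
    printf("%-28s %s .. %s\n", $label, $fdate, $edate);
}
```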
