我有一个页面可以发布到索引页面,例如
index.php?coursecode=COURSECODEHERE
我的非变量查询运行良好。给我所有表格作为 Excel 文件。
我需要将此查询与变量一起使用。
<?php
require_once('dbconnect.php');
$setCounter = 0;
$setExcelName = "download_excal_file";
$setSql = "SELECT * FROM courses WHERE coursecode POSTED VARIABLE COURSECODE HERE";
$setRec = mysql_query($setSql);
$setCounter = mysql_num_fields($setRec);
for ($i = 0; $i < $setCounter; $i++) {
$setMainHeader .= mysql_field_name($setRec, $i)."\t";
}
while($rec = mysql_fetch_row($setRec)) {
$rowLine = '';
foreach($rec as $value) {
if(!isset($value) || $value == "") {
$value = "\t";
} else {
//It escape all the special charactor, quotes from the data.
$value = strip_tags(str_replace('"', '""', $value));
$value = '"' . $value . '"' . "\t";
}
$rowLine .= $value;
}
$setData .= trim($rowLine)."\n";
}
$setData = str_replace("\r", "", $setData);
if ($setData == "") {
$setData = "\n no matching records found\n";
}
$setCounter = mysql_num_fields($setRec);
//This Header is used to make data download instead of display the data
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=".$setExcelName."_Reoprt.xls");
header("Pragma: no-cache");
header("Expires: 0");
//It will print all the Table row as Excel file row with selected column name as header.
echo ucwords($setMainHeader)."\n".$setData."\n";
?>
我怎样才能做到这一点?
最佳答案
1.- mysql_ 已弃用,尽快切换到 PDO 或 mysqli
2.- 始终清理输入,您永远不知道谁可能调用您的链接并从数据库中插入内容(或删除内容)。
也就是说,你可以这样做:
$setSql = "SELECT * FROM courses WHERE
coursecode LIKE '".sanitizeThisShit($_GET["coursecode"])."'";
关于Php mysql Get&Post查询到excel,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42375309/