Reference code for the member-management list.php file on PHP 7.3
successmylife
2025. 2. 23. 15:24
Below is the code revised so that it also runs without problems on PHP 7.3. The main changes are:
- Per-column binding: each column is matched with its own LIKE :searchX placeholder, so the search term reaches MySQL only as a bound value (SQL injection prevention) and the code stays PHP 7.3 compatible. Placeholders can carry values only, never identifiers, so the column names read from SHOW COLUMNS are quoted with backticks in the SQL text itself.
- $stmh = $pdo->query($sql); → $stmh = $pdo->prepare($sql); query() cannot take bound parameters, so with it the search term had to be placed into the SQL string; prepare() is what makes bindValue() possible.
- bindValue() applied to each placeholder individually inside a loop:
foreach ($bindParams as $paramName => $paramValue) { $stmt->bindValue($paramName, $paramValue, PDO::PARAM_STR); }
🔹 Full revised code
<?php
require_once($_SERVER['DOCUMENT_ROOT'] . "/session.php");
// Only sessions with level 1..5 may open the member list; anyone else is sent to the login form.
// $WebSite is assumed to be defined by session.php (it is not shown on this page).
if (!isset($_SESSION["level"]) || $_SESSION["level"] > 5) {
    sleep(1);
    header("Location:" . $WebSite . "login/login_form.php");
    exit;
}
include $_SERVER['DOCUMENT_ROOT'] . '/load_header.php';
$title_message = 'Member Management';

// HTML-escape a value before it is echoed into the page, so that a search term or a
// stored member field containing "<script>" cannot run in the browser.
function h($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

// MySQL stores "no date" as 0000-00-00; treat that, '' and NULL all as blank.
function is_blank_date($d)
{
    return $d === null || $d === '' || $d === '0000-00-00';
}
?>
<title> <?= h($title_message) ?> </title>
</head>
<body>
<?php include $_SERVER['DOCUMENT_ROOT'] . '/myheader.php'; ?>
<?php
$tablename = "member";
require_once($_SERVER['DOCUMENT_ROOT'] . "/lib/mydb.php");
$pdo = db_connect();

$mode   = isset($_REQUEST["mode"])   ? $_REQUEST["mode"]   : "";
$search = isset($_REQUEST["search"]) ? $_REQUEST["search"] : "";

// Default query ($DB is assumed to come from lib/mydb.php, as in the original page).
$sql = "SELECT * FROM {$DB}.{$tablename} ORDER BY num DESC";
$bindParams = [];

if ($mode == "search" && !empty($search)) {
    // Read every column name of the table from the schema.
    $columns = [];
    $stmt = $pdo->query("SHOW COLUMNS FROM " . $DB . "." . $tablename);
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $columns[] = $row['Field'];
    }

    // One LIKE condition per column, each with its own named placeholder. Placeholders can
    // only carry values, never identifiers, so the column names (which come from the schema,
    // not from the user) are backtick-quoted in the SQL text instead.
    $searchConditions = [];
    foreach ($columns as $index => $col) {
        $paramName = ":search{$index}";
        $searchConditions[] = "`{$col}` LIKE {$paramName}";
        $bindParams[$paramName] = "%{$search}%"; // '%' and '_' typed by the user still act as LIKE wildcards
    }
    if (!empty($searchConditions)) {
        $sql = "SELECT * FROM {$DB}.{$tablename} WHERE " . implode(" OR ", $searchConditions) . " ORDER BY num DESC";
    }
}

// Prepare, bind and execute. The search term only ever reaches MySQL as a bound value,
// never as part of the SQL string.
$results  = [];
$db_error = false;
try {
    $stmt = $pdo->prepare($sql);
    foreach ($bindParams as $paramName => $paramValue) {
        $stmt->bindValue($paramName, $paramValue, PDO::PARAM_STR);
    }
    $stmt->execute();
    // Fetch everything once here; the table below iterates over $results. Calling fetch()
    // again on the statement after fetchAll() would return nothing.
    $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $Exception) {
    // Log the driver message server-side; do not echo it to the browser, where it would
    // hand table names and SQL fragments to whoever triggered the error.
    error_log("member list.php: " . $Exception->getMessage());
    $db_error = true;
}
?>
<form name="board_form" id="board_form" method="post" action="list.php?mode=search&amp;search=<?= urlencode($search) ?>">
  <div class="container-fluid justify-content-center">
    <div class="d-flex mt-3 mb-3 justify-content-center align-items-center">
      <span class="text-secondary fs-5 "> <?= h($title_message) ?> </span>
      <button type="button" class="btn btn-dark btn-sm mx-2" onclick='location.reload()'>
        <i class="bi bi-arrow-clockwise"></i>
      </button>
    </div>
    <div class="d-flex mt-2 mb-2 justify-content-center">
      <button type="button" class="btn btn-dark btn-sm mx-1" onclick="popupCenter('initsettings.php', 'Department Management', 600, 800);return false;"> Departments </button>
      <button type="button" class="btn btn-dark btn-sm mx-1" onclick="popupCenter('setline.php', 'Approval Line Setup', 600, 500);return false;"> Approval Line </button>
      <input type="text" name="search" id="search" value="<?= h($search) ?>" class="form-control mx-1" style="width:200px;" onkeydown="JavaScript:SearchEnter();" placeholder="Search">
      <button type="button" id="searchBtn" class="btn btn-dark btn-sm mx-1">
        <ion-icon name="search-outline"></ion-icon>
      </button>
      <button type="button" class="btn btn-dark btn-sm mx-1" onclick="popupCenter('write_form.php', 'Register', 600, 750);return false;">
        <ion-icon name="pencil-outline"></ion-icon> New
      </button>
    </div>
    <div class="row d-flex">
      <table class="table table-hover" id="myTable">
        <thead class="table-primary">
          <tr>
            <th class="text-center"> No. </th>
            <th class="text-center"> ID </th>
            <th class="text-center"> P/W </th>
            <th class="text-center"> Name </th>
            <th class="text-center"> Employed/Retired </th>
            <th class="text-center"> Birthday </th>
            <th class="text-center"> Hire Date </th>
            <th class="text-center"> HP </th>
            <th class="text-center"> Level </th>
            <th class="text-center"> Company </th>
            <th class="text-center"> Part </th>
            <th class="text-center"> Position </th>
            <th class="text-center"> Accounting Authority </th>
            <th class="text-center"> e-Approval </th>
            <th class="text-center"> numorder </th>
            <th class="text-center"> Address </th>
          </tr>
        </thead>
        <tbody>
<?php
if ($db_error) {
    echo '<tr><td colspan="16" class="text-center">The member list could not be loaded.</td></tr>';
}
$total_row = count($results);
$start_num = $total_row;
foreach ($results as $row) {
    include '_row.php'; // maps the $row columns onto $num, $id, $pass, ... (not shown on this page)
    // Every value below is passed through h(); _row.php is assumed not to escape them itself.
    // NOTE: the P/W cell puts the stored password into the HTML source of every row, readable
    // with "view source" by any level-1..5 user, and implies passwords are stored in the clear.
?>
          <tr onclick="redirectToView('<?= h($num) ?>')">
            <td class="text-center"> <?= $start_num ?> </td>
            <td class="text-center"> <?= h($id) ?> </td>
            <td class="text-center"> <input type="password" class="form-control w120px" value="<?= h($pass) ?>" readonly> </td>
            <td class="text-center"> <?= h($name) ?> </td>
            <td class="text-center text-danger fw-bold"> <?= is_blank_date($quitDate) ? '' : 'Retired' ?> </td>
            <td class="text-center"> <?= is_blank_date($birthday) ? '' : h($birthday) ?> </td>
            <td class="text-center"> <?= is_blank_date($enterDate) ? '' : h($enterDate) ?> </td>
            <td class="text-center"> <?= h($hp) ?> </td>
            <td class="text-center"> <?= h($lv) ?> </td>
            <td class="text-center"> <?= h($division) ?> </td>
            <td class="text-center"> <?= h($part) ?> </td>
            <td class="text-center"> <?= h($position) ?> </td>
            <td class="text-center"> <?= h($authority) ?> </td>
            <td class="text-center"> <?= h($eworks_lv) ?> </td>
            <td class="text-center"> <?= h($numorder) ?> </td>
            <td class="text-center"> <?= h($address) ?> </td>
          </tr>
<?php
    $start_num--;
}
?>
        </tbody>
      </table>
    </div>
  </div>
</form>
</body>
</html>
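The following is an added, stand-alone example that is not part of the original post: it isolates the "one LIKE placeholder per column" query builder used above into a function and runs it against a constructed in-memory SQLite table (it assumes the pdo_sqlite extension is available), so it can be executed offline without the blog's MySQL database, session.php or _row.php. It goes slightly beyond the post's code in two ways: column names are validated and backtick-quoted, and LIKE metacharacters in the user's term are escaped with an ESCAPE clause. The column list is passed in explicitly here (on MySQL the post reads it from SHOW COLUMNS), and the table, rows and function names buildSearchQuery / runSearch are all made up for the example. The last query shows, for contrast, what the pre-fix pattern of pasting the term into a string passed to $pdo->query() does with the same input.

```php
<?php
// Added example (not from the original post). Runs on PHP 7.1+ with pdo_sqlite.

/**
 * Build "SELECT * FROM `table` WHERE `c1` LIKE :search0 ESCAPE '!' OR `c2` LIKE :search1 ..."
 * with one named placeholder per column, exactly like list.php above.
 * Returns [$sql, $bindParams].
 */
function buildSearchQuery(string $table, array $columns, string $search): array
{
    // Placeholders cannot stand in for identifiers, so table/column names are
    // validated and backtick-quoted. They come from the schema, not the user,
    // but an odd column name must still not be able to break out of the quoting.
    $quoteIdent = static function (string $ident): string {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $ident)) {
            throw new InvalidArgumentException("Unexpected identifier: $ident");
        }
        return '`' . $ident . '`';
    };

    // Escape LIKE metacharacters so '%' or '_' typed by the user match literally.
    // '!' is the ESCAPE character because it works unchanged on MySQL and SQLite.
    // '!' itself is escaped first so the escapes added afterwards are not doubled.
    $needle = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search) . '%';

    $conditions = [];
    $bindParams = [];
    foreach (array_values($columns) as $index => $col) {
        $paramName = ":search{$index}";
        $conditions[] = $quoteIdent($col) . " LIKE {$paramName} ESCAPE '!'";
        $bindParams[$paramName] = $needle;
    }

    $sql = 'SELECT * FROM ' . $quoteIdent($table);
    if ($conditions !== []) {
        $sql .= ' WHERE ' . implode(' OR ', $conditions);
    }
    $sql .= ' ORDER BY `num` DESC';
    return [$sql, $bindParams];
}

/** Prepare, bind every placeholder individually, execute, and return all rows. */
function runSearch(PDO $pdo, string $table, array $columns, string $search): array
{
    [$sql, $bindParams] = buildSearchQuery($table, $columns, $search);
    $stmt = $pdo->prepare($sql);
    foreach ($bindParams as $paramName => $paramValue) {
        $stmt->bindValue($paramName, $paramValue, PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- constructed sample data (stands in for the blog's MySQL member table) ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member (num INTEGER PRIMARY KEY, id TEXT, name TEXT, hp TEXT)');
$pdo->exec("INSERT INTO member (id, name, hp) VALUES
    ('alice', 'Alice Kim',  '010-1111-2222'),
    ('bob',   'Bob Lee',    '010-3333-4444'),
    ('carol', 'Carol 100%', '010-5555-6666')");
$columns = ['num', 'id', 'name', 'hp']; // on MySQL: the Field values from SHOW COLUMNS

// Ordinary term: matched against every column, hits only Bob.
$hits = runSearch($pdo, 'member', $columns, 'Lee');
printf("'Lee'              -> %d row(s): %s\n", count($hits), implode(',', array_column($hits, 'id')));

// A '%' in the input is matched literally because of the ESCAPE clause, hits only Carol.
$hits = runSearch($pdo, 'member', $columns, '100%');
printf("'100%%'             -> %d row(s): %s\n", count($hits), implode(',', array_column($hits, 'id')));

// Injection attempt: bound as data, the quote never reaches the parser, so no row matches.
$term = "' OR 1=1 --";
$hits = runSearch($pdo, 'member', $columns, $term);
printf("injection attempt  -> %d row(s)\n", count($hits));

// For contrast only: the pre-fix pattern ($pdo->query() with the term pasted into the
// string) turns the same input into  WHERE id LIKE '%' OR 1=1 --%' ...  and returns every row.
$unsafe = "SELECT * FROM member WHERE id LIKE '%{$term}%' ORDER BY num DESC";
printf("concatenated query -> %d row(s)\n", count($pdo->query($unsafe)->fetchAll()));
```

Run it with php on the command line; the first three searches return 1, 1 and 0 rows, the concatenated query returns all 3. Note that the ESCAPE clause changes one behaviour of the post's version: a user can no longer type a bare % or _ to use them as wildcards, which is normally what you want for a text-box search.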
It should now work correctly on PHP 7.3 as well. 🚀😊