Skip to content

Commit

Permalink
Curso de PHP🐘 y MySql🐬 [73.-Búsqueda🔍 de registros con PDO y búsqueda…
Browse files Browse the repository at this point in the history 
… de vulnerabilidades]

Video:
https://youtu.be/uOcmiFu4-gs
  • Loading branch information
@programadornovato
programadornovato committed Dec 31, 2019
1 parent 2a740f4 commit 7151001
Show file tree
Hide file tree
Showing 2 changed files with 66 additions and 33 deletions.
78 changes: 47 additions & 31 deletions PDO.php
View file
Expand Up @@ -10,6 +10,11 @@
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous">
<style>
input.form-control {
font-family: FontAwesome;
}
</style>
</head>

<body>
Expand All @@ -19,40 +24,51 @@
?>
<div class="container mt-3">
<div class="row">
<div class="col-12">
<table class="table table-striped">
<thead>
<tr>
<th>id</th>
<th>nombre</th>
<th>precio</th>
<th>categoria</th>
<th>existencia</th>
<th>foto</th>
<th><a href="crearSQLite.php"><i class="fa fa-plus"></i></a> acciones</th>
</tr>
</thead>
<tbody>
<?php
$resultado = $sqlite->leer();
foreach ($resultado as $key => $value) {
?>
<form>
<div class="col-12">
<table class="table table-striped">
<thead>
<tr>
<td><?php echo $value->id; ?></td>
<td><?php echo $value->nombre; ?></td>
<td><?php echo $value->precio; ?></td>
<td><?php echo $value->categoria; ?></td>
<td><?php echo $value->existencia; ?></td>
<td><?php echo $value->foto; ?></td>
<td><i class="fa fa-edit mr-2"></i><i class="fa fa-trash"></i></td>
<th><input type="text" name="id" class="form-control" value="<?php echo $_REQUEST['id'] ?? ''; ?>" placeholder="&#xf002;"></th>
<th><input type="text" name="nombre" class="form-control" value="<?php echo $_REQUEST['nombre'] ?? ''; ?>" placeholder="&#xf002;"></th>
<th><input type="text" name="precio" class="form-control" value="<?php echo $_REQUEST['precio'] ?? ''; ?>" placeholder="&#xf002;"></th>
<th><input type="text" name="categoria" class="form-control" value="<?php echo $_REQUEST['categoria'] ?? ''; ?>" placeholder="&#xf002;"></th>
<th><input type="text" name="existencia" class="form-control" value="<?php echo $_REQUEST['existencia'] ?? ''; ?>" placeholder="&#xf002;"></th>
<th><button type="submit" class="btn btn-primary">Buscar</button></th>
<th></th>
</tr>
<tr>
<th>id</th>
<th>nombre</th>
<th>precio</th>
<th>categoria</th>
<th>existencia</th>
<th>foto</th>
<th><a href="crearSQLite.php"><i class="fa fa-plus"></i></a> acciones</th>
</tr>
</thead>
<tbody>
<?php
$resultado = $sqlite->leer($_REQUEST);
foreach ($resultado as $key => $value) {
?>
<tr>
<td><?php echo $value->id; ?></td>
<td><?php echo $value->nombre; ?></td>
<td><?php echo $value->precio; ?></td>
<td><?php echo $value->categoria; ?></td>
<td><?php echo $value->existencia; ?></td>
<td><?php echo $value->foto; ?></td>
<td><i class="fa fa-edit mr-2"></i><i class="fa fa-trash"></i></td>
</tr>

<?php
}
?>
</tbody>
</table>
</div>
<?php
}
?>
</tbody>
</table>
</div>
</form>
</div>
</div>
<!-- Optional JavaScript -->
Expand Down
21 changes: 19 additions & 2 deletions sqlite.php
View file
Expand Up @@ -46,9 +46,26 @@ public function insertar($producto=array()){
return true;
}
}
public function leer(){
public function leer($buscar=array()){
$where=" where 1=1 ";
if(empty($buscar['id'])==false){
$where=$where." and id='".$buscar['id']."' ";
}
if(empty($buscar['nombre'])==false){
$where=$where." and nombre='".$buscar['nombre']."' ";
}
if(empty($buscar['precio'])==false){
$where=$where." and precio='".$buscar['precio']."' ";
}
if(empty($buscar['categoria'])==false){
$where=$where." and categoria='".$buscar['categoria']."' ";
}
if(empty($buscar['existencia'])==false){
$where=$where." and existencia='".$buscar['existencia']."' ";
}
$query="SELECT id, nombre, precio, categoria, existencia, foto
FROM productos;";
FROM productos
$where ;";
$sentencia=self::$db->query($query);
$sentencia->execute();
$resultado=$sentencia->fetchAll();
Expand Down

0 comments on commit 7151001

Please sign in to comment.