Abhijeetbyte
diff --git a/‎view_attendance.php
Lines changed: 32 additions & 41 deletions b/‎view_attendance.php
Lines changed: 32 additions & 41 deletions
@@ -1,55 +1,46 @@
 <?php
-// Function to sanitize input data
-function sanitize_input($data) {
-    return htmlspecialchars(trim($data));
-}
-
 try {
-    // Connect to SQLite database
+    // Check if required GET fields are set and not empty
+    if (empty($
8000
_GET['roll_number'])) {
+        throw new Exception('Roll number is required.');
+    }
+
+    // Connect to the SQLite database
     $db = new PDO('sqlite:students.db');
-    
-    // Set error mode to throw exceptions
+
+    // Set error mode to exceptions
     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 
-    // Sanitize and validate input
-    $roll_no = sanitize_input($_GET['roll_no']);
+    // Sanitize user input
+    $roll_number = filter_input(INPUT_GET, 'roll_number', FILTER_SANITIZE_STRING);
 
-    // Check if roll number is provided
-    if (empty($roll_no)) {
-        throw new Exception("Roll number is required.");
-    }
+    // Prepare an SQL statement for safe selection
+    $stmt = $db->prepare("SELECT * FROM students WHERE roll_number = :roll_number");
+
+    // Bind the roll_number parameter
+    $stmt->bindParam(':roll_number', $roll_number);
 
-    // Prepare SQL statement to fetch attendance data
-    $stmt = $db->prepare("SELECT * FROM Attendance WHERE roll_no = :roll_no");
-    $stmt->bindParam(':roll_no', $roll_no);
-    
-    // Execute SQL statement
+    // Execute the statement
     $stmt->execute();
 
-    // Fetch all rows as associative array
-    $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
-
-    // Display attendance data if found, otherwise show message
-    if ($results) {
-        echo "<table border='1' style='margin: 20px auto; border-collapse: collapse;'>";
-        echo "<tr><th>ID</th><th>Roll No</th><th>Student Name</th><th>Date</th></tr>";
-        foreach ($results as $row) {
-            echo "<tr>";
-            echo "<td>" . htmlspecialchars($row['id']) . "</td>";
-            echo "<td>" . htmlspecialchars($row['roll_no']) . "</td>";
-            echo "<td>" . htmlspecialchars($row['student_name']) . "</td>";
-            echo "<td>" . htmlspecialchars($row['date']) . "</td>";
-            echo "</tr>";
-        }
-        echo "</table>";
+    // Fetch the result
+    $student = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    // Display the result if found
+    if ($student) {
+        echo "Roll Number: " . htmlspecialchars($student['roll_number']) . "<br>";
+        echo "Name: " . htmlspecialchars($student['name']) . "<br>";
+        echo "Date: " . htmlspecialchars($student['date']) . "<br>";
     } else {
-        echo "No records found for roll number " . htmlspecialchars($roll_no);
+        echo "No attendance record found for the provided roll number.";
     }
 } catch (Exception $e) {
-    // Log error to server logs
-    error_log("Error: " . $e->getMessage());
-
-    // Error message for users
-    echo "An error occurred. Please try again later.";
+    // Log the error message
+    error_log($e->getMessage());
+    echo "An error occurred: " . htmlspecialchars($e->getMessage());
+} catch (PDOException $e) {
+    // Log the error message
+    error_log($e->getMessage());
+    echo "An error occurred while retrieving attendance data.";
 }
 ?>