保存mysql select in variable并在if语句中使用
[英]saving mysql select in variable and using in if statement
问题描述
I know this question has been indirectly explained, but I just cant seam to get it right. 
我知道这个问题已经间接解释过了,但我只是不能接受它才能做到正确。 Im building a mathematical tool for teachers to create exercises, etc. The data base is populated by many individuals, my data base has a table for each exercise, the actual row for it is set unique. 我正在为教师建立一个数学工具来创建练习等。数据库由许多人填充,我的数据库有一个表格用于每个练习,它的实际行设置为唯一。 Given that a given exercise can have more than one answer there is another table 'resolución' linking to a resolutions manual which is dynamically created in a latter stage. 鉴于给定的练习可以有多个答案,还有另一个表'resolución'链接到在后一阶段动态创建的分辨率手册。 My code so far is this: 到目前为止我的代码是这样的:
<?php
$continued = mysql_connect("localhost","root","");
if ($continued) {
echo ("Connection is succeed");
} else {
echo ("Connection is fail");
}
mysql_select_db("Problemas Calculo 1");
$provisional = null;
$provisional = mysql_query ("SELECT 'Id_ejercicio' FROM `Problemas Calculo 1`.`Ejercicios` WHERE `Ejercicios`.`ejercicio = '$_POST[ejercicio]'");
if ($provisional === null){
$Ejer_result = mysql_query("INSERT INTO `Problemas Calculo 1`.`Ejercicios` (`Id_ejercicio`, `Tipo`, `Clase`, `Tema`, `Ejercicio`, `Dificultad`) VALUES (NULL, ".$_POST['tipo'].", ".$_POST['clase'].", ".$_POST['tema'].", '$_POST[ejercicio]', ".$_POST['dificultad'].")");
if ($Ejer_result) {
echo ("<br> succeed");
$Ejer_resolucion = mysql_query("INSERT INTO `Problemas Calculo 1`.`Resolucion` (`id_resolucion`,`id_ejercicio`) VALUES (NULL, LAST_INSERT_ID())");
} else {
echo ("<br> fail");
}
} else {
echo ("Ejercicio ya existe; se creara nueva solucion");
$Ejer_resolucion = mysql_query("INSERT INTO `Problemas Calculo 1`.`Resolucion` (`id_resolucion`,`id_ejercicio`) VALUES (NULL, '$provisional')");
if ($Ejer_resolucion) {
echo ("<br> succeed Resolucion");
} else {
echo ("<br> fail Resolucion");
}
}
?>
I think that my problem is in setting the variable $provisional 我认为我的问题在于设置变量$ provisional
2 个解决方案
解决方案1
2 2013-05-31 22:31:39
mysql_query returns a resultset-identifier, you should not check it against NULL or false, but should count the numer via mysql_numrows. mysql_query返回一个resultset-identifier,你不应该反对NULL或false,但应该通过mysql_numrows计算数字。
Also you should use mysqli_functions since mysql_* is deprecated (at least folks here are repeating that over and over again). 你也应该使用mysqli_functions,因为不推荐使用mysql_ *(至少这里的人一遍又一遍地重复)。 FALSE only comes in an error, not in an empty set. FALSE只出现错误,而不是空集。
解决方案2
0 2013-05-31 22:32:45
I see a massive SQL injection vulnerability right off the bat. 我立即看到了一个庞大的SQL注入漏洞。 At the very least, you should be using mysqli_* functions and NOT mysql_* functions while sanitizing data. 至少,您应该在清理数据时使用mysqli_ *函数而不是mysql_ *函数。 Best case would be to learn PDO. 最好的情况是学习PDO。
Object-oriented PDO may be a learning curve, but well worth it. 面向对象的PDO可能是一个学习曲线,但非常值得。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.