PHP和MySQL:使用$ _GET ['id']查询匹配的表ID
[英]PHP & MySQL: Using $_GET['id'] to query matching table id
问题描述
Hey guys having a bit of bother here, I don't understand why my PHP script isn't working. 
大家在这里有点烦,我不明白为什么我的PHP脚本无法正常工作。
So I will first show the code and then go over the issue I am having: 因此,我将首先显示代码,然后再解决我遇到的问题:
include('select-stock.php');
include('db-affinity/header-main.php'); ?>
<?php $carId = $_GET['id']; ?>
<?php
try {
$carview = $db->prepare("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import WHERE FullRegistration = $carId");
} catch (Exception $e) {
echo "Error.";
exit;
}
$cardata = $carview->fetch(PDO::FETCH_ASSOC)
?>
<div class="container">
<div class="row">
<div class="col-md-12 col-sm-12">
<?php echo "$carId"; ?>
<?php echo mysql_errno($carview) ?>
<?php echo '<ul class="overwrite-btstrp-ul other-specs-ul h4-style">
<li>Mileage: '.number_format($cardata["Mileage"]).'</li>
<li>Engine size: '.$cardata["EngineSize"].'cc</li>
</ul>'
?>
</div>
</div>
</div>
<?php include('db-affinity/footer.php') ?>
So basically what I am trying to achieve from this code is giving my page dynamic content based on if the the ?id= of a URL matches a row of my 'FullRegistration' column. 因此,基本上,我想通过这段代码实现的目标是根据URL的?id=是否与我的'FullRegistration'列的一行匹配来为页面提供动态内容。
So for example if I have a URL like this "www.cars.com/carview.php?id=NG61CWJ" I then want my script check if there is a row that has that value in the 'FullRegistration' column of my table and then echo out the results of certain columns of that row like this example currently in my code: 因此,例如,如果我有一个类似“ www.cars.com/carview.php?id=NG61CWJ”的URL,则我希望脚本检查表的“ FullRegistration”列中是否存在具有该值的行,然后回显该行的某些列的结果,例如当前在我的代码中的示例:
<?php echo '<ul class="overwrite-btstrp-ul other-specs-ul h4-style">
<li>Mileage: '.number_format($cardata["Mileage"]).'</li>
<li>Engine size: '.$cardata["EngineSize"].'cc</li>
</ul>'
?>
In theory 理论上
FROM import WHERE FullRegistration = $carId
should make this happen however for some reason on my server when I use the script above I get nil results returned instead of the results of the row that matches the GET id I get: 应该会发生这种情况,但是由于某种原因在我的服务器上使用上面的脚本时,我得到的结果为nil而不是与得到的GET id匹配的行的结果:
Mileage: 0 Engine size: cc 里程:0引擎大小:cc
I am aware my code is insecure at the moment however it isn't an issue at this moment in time. 我知道我的代码目前不安全,但是现在这不是问题。
Any ideas why I might be getting nil results returned, my other queries to this table have worked flawlessly however I am having bother with this one, can you see anything in this code that might cause this issue? 为什么我可能会返回nil结果的任何想法,我对该表的其他查询都已正常工作,但是我对此感到烦恼,您能在这段代码中看到任何可能导致此问题的内容吗?
Here are the other queries that are included at the top of the code block select-stock.php, just in case this could be a bit of a problem: 这是在代码块select-stock.php顶部包含的其他查询,以防万一这可能是一个问题:
<?php
include('database.php');
try {
$results = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import ORDER BY Make ASC");
} catch (Exception $e) {
echo "Error.";
exit;
}
///carousel-vehicle results
try {
$fourresults = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 0, 4");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$fourresultsone = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 4, 4");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$fourresultstwo = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 8, 4");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$makeFilter = $db->query("SELECT DISTINCT Make FROM import ORDER BY Make ASC");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$modelFilter = $db->query("SELECT DISTINCT Model FROM import ORDER BY Make ASC");
} catch (Exception $e) {
echo "Error.";
exit;
}
?>
All of these queries are working flawlessly on the live site so the db connection is obviously working. 所有这些查询在实时站点上都可以正常工作,因此数据库连接显然可以正常工作。
2 个解决方案
解决方案1
1 2014-10-11 16:18:49
I believe if you change the code like this it will work: 我相信,如果您像这样更改代码,它将起作用:
$carview = $db->prepare("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import WHERE FullRegistration = '$carId'");
However before continue, be sure to educate yourself on the dangers of the SQL injection , otherwise I can delete or dump every table in your database, just passing the corresponding values to ?id=... 但是,在继续之前,请务必对SQL注入的危险进行自我教育,否则我可以删除或转储数据库中的每个表,只需将相应的值传递给?id=...
解决方案2
0 2014-10-11 17:59:31
Antoan code should work; Antoan代码应该起作用; the second part of his answer is even more important. 他的回答的第二部分更为重要。 If your 'id' value is numeric (as i guess) 如果您的“ id”值是数字(如我所猜)
$_GET['$carId'] = intval($_GET['$carId'])
is an easy way and a good point to start... 是一个简单的方法,也是一个很好的起点...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.