堆栈内存溢出
  简体   繁体   English

我应该使用哪个PHP函数来调用动态页面的ID?

[英]What PHP function should I use to call the id of a dynamic page?

 原文  2019-08-08 20:08:40       php/ mysql/ mysqli

问题描述

I'm creating a news website, and want to create a dynamic PHP page that will have the header and footer, and get the content itself (title and text) from the database by calling the article's id via the URL(like 'article.php?id=1'), so that there is no need for creating a new file for each article. 我正在创建一个新闻网站,并希望创建一个具有页眉和页脚的动态PHP页面,并通过URL(如“ article”)调用文章的ID,从数据库中获取内容本身(标题和文本)。 php?id = 1'),因此无需为每篇文章创建一个新文件。 However, I don't know what function should I use to make that work. 但是,我不知道应该使用什么功能来实现该功能。 Currently, the code is like this: 当前,代码是这样的: 

<?php

    include "header.php";

        $query = "SELECT title_article, subtitle_article, content_article FROM tb_article WHERE id_tb_article = 1";

        $conn = mysqli_connect('127.0.0.1:3307', 'root', '', 'article') or die("error");

        $result = mysqli_query($conn, $query);

        if (mysqli_num_rows($result) > 0) {
        // output data of each row
        while($row = mysqli_fetch_assoc($result)) {
            echo "<div class='titlediv'><h1 class='title'>" . $row["title_article"]. "</h1></div><div class='titlediv'><h3 class='title'>". $row["subtitle_article"]. "</h3></div><div class='textdiv'><p class='text'>" . $row["content_article"]. "</p></div><br>";
        }

        } else {
            echo "Article not found";
        }

    include "footer.php";

?>

3 个解决方案

解决方案1
 0 已采纳  2019-08-08 21:18:33

To get the id value from query string in URL, you can use the PHP's superglobal $_GET['id'] . 要从URL中的查询字符串获取id值,可以使用PHP的超全局变量$_GET['id']

To select a dynamic value from SQL using this value you must use prepared statements with parameter binding. 要使用此值从SQL中选择动态值,必须使用带参数绑定的预备语句。

Your code with all the fixes would look more or less like this: 具有所有修复程序的代码或多或少看起来像这样: 

<?php

include "header.php";

$query = "SELECT title_article, subtitle_article, content_article FROM tb_article WHERE id_tb_article = 1";

// Enable mysqli error reporting and NEVER die()
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('127.0.0.1:3307', 'root', '', 'article');
$conn->set_charset('utf8mb4'); // You should always specify the correct charset, which most of the time should be utf8mb4

// prepare -> bind -> execute -> get result
$stmt = $conn->prepare('SELECT title_article, subtitle_article, content_article 
    FROM tb_article 
    WHERE id_tb_article = ? ');
$stmt->bind_param('i', $_GET['id']);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows) {
    // output data of each row
    foreach ($result as $row) {
        echo "<div class='titlediv'><h1 class='title'>" . htmlspecialchars($row["title_article"]). "</h1></div>";
        echo "<div class='titlediv'><h3 class='title'>". htmlspecialchars($row["subtitle_article"]). "</h3></div>";
        echo "<div class='textdiv'><p class='text'>" . htmlspecialchars($row["content_article"]). "</p></div><br>";
    }
} else {
    echo "Article not found";
}

include "footer.php";

Whenever output values into HTML context always do it via htmlspecialchars 每当将值输出到HTML上下文中时,始终通过htmlspecialchars

解决方案2
 -1  2019-08-08 20:23:38

You can use a GET method and the url look like 'article.php?id=2'. 您可以使用GET方法,其网址类似于“ article.php?id = 2”。 

<?php

include "header.php";

    //use GET to get the id
    $id = $_GET["id"];
    // use .$id to concat to the query
    $query = "SELECT title_article, subtitle_article, content_article FROM tb_article WHERE id_tb_article = ".$id;

    $conn = mysqli_connect('127.0.0.1:3307', 'root', '', 'article') or die("error");

    $result = mysqli_query($conn, $query);

    if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while($row = mysqli_fetch_assoc($result)) {
        echo "<div class='titlediv'><h1 class='title'>" . $row["title_article"]. "</h1></div><div class='titlediv'><h3 class='title'>". $row["subtitle_article"]. "</h3></div><div class='textdiv'><p class='text'>" . $row["content_article"]. "</p></div><br>";
    }

    } else {
        echo "Article not found";
    }

include "footer.php";

?> ?>

解决方案3
 -1  2019-08-08 20:40:05

You want to look at the global variables $_GET and $_POST. 您想查看全局变量$ _GET和$ _POST。 In your example ('article.php?id=1') you will find the value of 'id' in $_GET['id']. 在示例('article.php?id = 1')中,您将在$ _GET ['id']中找到'id'的值。

URL: article.php?id=42 网址:article.php?id = 42 

echo $_GET['id']; // Outputs 42

Remember that anyone can change that value in the URL and even injecting malicious queries into your query. 请记住,任何人都可以在URL中更改该值,甚至可以将恶意查询注入到您的查询中。 Its better to at least cast your id to an integer first and use always mysqli_real_escape_string() for URL given variables in the query. 最好至少将您的id首先转换为整数,并始终对查询中给定的URL使用mysqli_real_escape_string()作为URL更好。

URL: article.php?id=42;DROP TABLE tb_article 网址:article.php?id = 42; DROP TABLE tb_article 

echo $_GET['id']; // Outputs "42;DROP TABLE tb_article", would delete your table when used directly

// Convert to an integer value
$id = intval($_GET['id']); // Returns 42
$query = "... FROM tb_article WHERE id_tb_article = ".mysqli_real_escape_string($id);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 GetElementByID动态php ID到js函数的调用 - GetElementByID Dynamic php ID to js function call PHP中的函数已弃用,我现在应该使用什么? - Function in PHP deprecated, what should I use now? 我应该使用什么引号或函数包装此PHP字符串? - What quotes or function should I use to wrap this PHP string? 如何从javascript调用php函数,或者如果无法完成,请问我该怎么做 - how to call a php function from javascript or if that can't be done, some direction on what I should do 我应该在PHP中使用什么进行用户身份验证? - What should I use for user authentication in PHP? 我应该在PHP中使用什么RSS解析器? - What RSS parser should I use in PHP? PHP动态函数调用 - PHP dynamic function call 动态函数调用PHP - Dynamic Function Call PHP 我应该使用什么mysqli函数? - What mysqli function should I use? 我应该使用哪个 PHP 阵列 function? - Which PHP Array function should I use?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM