mysqli_fetch_array 如何一次获取一行?
[英]mysqli_fetch_array how to get one row at a time?
问题描述
My php code is as follows: This is part of a quiz where I am displaying one question and 4 multiple choices in html page via ajax jQuery. 
My php code is as follows: This is part of a quiz where I am displaying one question and 4 multiple choices in html page via ajax jQuery. I know how to run while loop and display all data one after the other but how do I just display one question at a time?我知道如何运行 while 循环并一个接一个地显示所有数据,但我如何一次只显示一个问题?
So after one question is answered, I would like to view the next question.因此,在回答了一个问题后,我想查看下一个问题。 Is it possible to run a counter and pull one result at a time and next result and so on.. ?是否可以运行一个计数器并一次提取一个结果和下一个结果等等..?
<?php
header("Access-Control-Allow-Origin: *");
require 'db.php';
// making empty variable
$createTable = "";
$test_id=$_POST["test_id"];
$sql=mysqli_query($con,"select * from mst_question where test_id='$test_id' ");
$counter = 0;
while($row=mysqli_fetch_array($sql))
{
$counter++;
$createTable .= '<div class="text-subhead-2 text-center" style="background-color:#42A5F5">Question ';
$createTable .= $counter;
$createTable .= ' of 25</div>';
$createTable .= '<div class="panel panel-default paper-shadow" data-z="0.5">';
$createTable .= '<div class="panel-body">';
$createTable .= '<p class="text-body-2">';
$createTable .= $row['que_desc'];
$createTable .= '</p>';
$createTable .= '</div>';
$createTable .= '</div>';
$createTable .= '<div class="text-subhead-2 text-light">Your Answer</div>';
$createTable .= '<div class="panel panel-default paper-shadow" data-z="0.5">';
$createTable .= '<div class="panel-body">';
$createTable .= '<div class="radio radio-success">';
$createTable .= '<input type="radio" name="radio';
$createTable .= $counter;
$createTable .= '" id="radio1';
$createTable .= $counter;
$createTable .= '" value="';
$createTable .= $row['ans1'];
$createTable .= '" >';
$createTable .= '<label for="radio1';
$createTable .= $counter;
$createTable .= '">';
$createTable .= $row['ans1'];
$createTable .= '</label>';
$createTable .= '</div>';
$createTable .= '<div class="radio radio-success">';
$createTable .= '<input type="radio" name="radio';
$createTable .= $counter;
$createTable .= '" id="radio2';
$createTable .= $counter;
$createTable .= '" value="';
$createTable .= $row['ans2'];
$createTable .= '" >';
$createTable .= '<label for="radio2';
$createTable .= $counter;
$createTable .= '">';
$createTable .= $row['ans2'];
$createTable .= '</label>';
$createTable .= '</div>';
$createTable .= '<div class="radio radio-success">';
$createTable .= '<input type="radio" name="radio';
$createTable .= $counter;
$createTable .= '" id="radio3';
$createTable .= $counter;
$createTable .= '" value="';
$createTable .= $row['ans3'];
$createTable .= '" >';
$createTable .= '<label for="radio3';
$createTable .= $counter;
$createTable .= '">';
$createTable .= $row['ans3'];
$createTable .= '</label>';
$createTable .= '</div>';
$createTable .= '<div class="radio radio-success">';
$createTable .= '<input type="radio" name="radio';
$createTable .= $counter;
$createTable .= '" id="radio4';
$createTable .= $counter;
$createTable .= '" value="';
$createTable .= $row['ans4'];
$createTable .= '" >';
$createTable .= '<label for="radio4';
$createTable .= $counter;
$createTable .= '">';
$createTable .= $row['ans4'];
$createTable .= '</label>';
$createTable .= '</div>';
$createTable .= '</div>';
$createTable .= '</div>';
}
echo $createTable;
mysqli_close($con);
?>
1 个解决方案
解决方案1
0 已采纳 2020-04-15 20:43:24
Firstly, your code is dangerous because can be hacked via sql injection.首先,您的代码很危险,因为可以通过 sql 注入攻击。 You always should use parameter bindings.您始终应该使用参数绑定。
The simplest way is passing an id of the question stored in mst_question and selecting one by WHERE clause (like test_id).最简单的方法是传递存储在 mst_question 中的问题的 id 并通过 WHERE 子句(如 test_id)选择一个。
//...
$test_id=$_POST["test_id"];
$questionId = filter_var($_POST['question_id'],FILTER_VALIDATE_INT);
if (!$questionId){
die('done');
}
$stmt= mysqli_prepare($con,"select * from mst_question where test_id='$test_id' AND id=?");
mysqli_stmt_bind_param(**$stmt**, 'd',$questionId);
mysqli_stmt_execute(**$stmt**);
// work with $stmt.
// f.e. your loop but now there will be only one execution
mysqli_stmt_close($stmt);
//...
$createTable .= '<input type="hidden" name="nextQuestionId" value="'.$nextQuestionId.'"/>';
//...
With input field you will return id of the next question which can be passed in url argument within javascript code.使用输入字段,您将返回下一个问题的 id,该问题可以在 javascript 代码中的 url 参数中传递。
if you are worried about quiz-cheaters, you can increase security by hashing an nextQuestionId.如果您担心测验作弊者,您可以通过散列 nextQuestionId 来提高安全性。
//...
$stmt = mysqli_prepare($con,"select * from mst_question where test_id='$test_id' AND sha1(CONCAT('slat_',id))=?");
//...
$createTable .= '<input type="hidden" name="nextQuestionId" value="'.sha1('salt_'.$nextQuestionId).'"/>';
//...
It's not the best solution but requiring minimal changes of your code.这不是最好的解决方案,但需要对代码进行最少的更改。
I would like to suggest switching to PDO - very friendly and powerful way to interact with database.我想建议切换到 PDO - 与数据库交互的非常友好和强大的方式。 See an example.看一个例子。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.