我正在尝试在线显示用户列表
[英]I am trying to display the list of users online
问题描述
I am trying to display the list of users online. 
我正在尝试在线显示用户列表。 And I have a sql but in my page it says " You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 8 ", I was wondering how do I display the list of users with out any errors. 我有一个SQL,但是在我的页面上它写着“ 您的SQL语法有错误;请查看与您的MySQL服务器版本相对应的手册,以找到在第8行附近的”附近使用正确的语法 ”,我想知道该怎么做。我显示没有任何错误的用户列表。
<?php $sql = "SELECT
user_id,
user_name,
online
FROM
users
WHERE
user_id = " . mysql_real_escape_string($_GET['id']);
$result = mysql_query($sql);
if(!$result)
{
echo 'There are currently no user online.' . mysql_error();
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'There are currently no user online.';
}
else
{
//display category data
while($row = mysql_fetch_assoc($result))
{ $D= $row['online'];
if( ($D) !=1)
{
echo 'There are currently no user online.';
}
else
{
echo'<a href="/index.php?area=profile&userid=' . $posts_row['user_id'] . '" class="topicuser_member"><span ' . $posts_row['user_class'] . '>' . $posts_row['user_name'] . '</span></a>,';}}}}?>
3 个解决方案
解决方案1
1 已采纳 2012-10-04 22:17:00
You need quotes around your string in the where clause: 在where子句中,需要在字符串两边加上引号:
$sql = "SELECT
user_id,
user_name,
online
FROM
users
WHERE
user_id = '" . mysql_real_escape_string($_GET['id']) . "'";
解决方案2
0 2012-10-04 22:21:17
Is the variable 'id' defined? 是否定义了变量“ id”? also if you are trying to get a list of online users you have the sql query wrong, it should be 另外,如果您尝试获取在线用户列表,则您的sql查询错误,应该是
$sql = "SELECT
user_id,
user_name,
online
FROM
users
WHERE
//here you should have the online column
online = online" or whatever the online value you have set
解决方案3
0 2012-10-04 22:22:55
A) Manual string escaping is a bad idea & leaves you open to SQL injection on the chance you forget to do it. A)手动字符串转义是一个坏主意,一旦您忘记执行此操作,就可以进行SQL注入。 Drop mysql_real_escape_string() and look into using PDO with bound variables so you never have to worry about it again. 删除mysql_real_escape_string()并考虑将PDO与绑定变量一起使用,因此您不必再担心它。
B) You're trying to query the details of a single user ID. B)您正在尝试查询单个用户ID的详细信息。 This is only ever going to tell you if a single user is online or not. 这只会告诉您单个用户是否在线。 Not very useful. 不太有用。 You probably want to just drop your WHERE clause, if you're shooting for a list of all the online users. 如果要拍摄所有在线用户的列表,则可能只想删除WHERE子句。
C) A list of all online users can quickly grow out of control if you have any meaningful number of users. C)如果您有大量用户,则所有在线用户的列表都会很快失去控制。 I'd strongly suggest falling back to a straight count of users (potentially with a page of all online users if anyone really wants that much information). 我强烈建议您回退大量的用户(如果有人真的想要那么多的信息,则可能会显示所有在线用户的页面)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.