如何使用foreach从数据库mysql中选择行?
[英]How select rows from database mysql with foreach?
问题描述
For ex. 
对于前。 adress page test.php?prid=4477535 地址页面test.php?prid = 4477535
Code page test.php 代码页test.php
function query($query) {
$database = 'test';
$host = 'test';
$username = 'test';
$password = 'test';
$link = mysql_connect($host,$username,$password);
if (!$link) {
die(mysql_error());
}
$db_selected = mysql_select_db($database);
if (!$db_selected) {
die(mysql_error());
}
$result = mysql_query($query);
mysql_close($link);
return $result;
}
$product_idn=$_GET['prid'];
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
foreach ($select_image as $row)
{
$select_image_array[]=$row->image;
}
print_r ($select_image_array);
receives a request 收到请求
SELECT *
FROM products_images
WHERE `product_idn` = '4477535'
If make select from phpmyadmin i have 10 rows. 如果使从phpmyadmin选择,我有10行。
But if i use test.php?prid=4477535 i see empty page. 但是,如果我使用test.php?prid = 4477535,则会看到空白页。
print_r ($select_image_array) not show array. print_r($ select_image_array)不显示数组。
Tell me please why i see rows with phpmyadmin and not see rows with script? 告诉我为什么我用phpmyadmin查看行而不用脚本查看行?
5 个解决方案
解决方案1
3 已采纳 2012-11-25 01:32:53
Like the other said, you are prone to SQL injection since you don't serialize your input, but to fix your code, use this: 就像其他人说的那样,由于不对输入进行序列化,但是您很容易进行SQL注入,但是要修复代码,请使用以下命令:
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
while($data = mysql_fetch_assoc($select_image))
{
echo $data['image'];
}
解决方案2
0 2012-11-25 01:27:27
You are doing it wrong. 你做错了。 You have to fetch the resource (mysql_query returns a resource) into an array, and the keys of the array will be the names of the rows returned from your query. 您必须将资源(mysql_query返回资源)提取到数组中,并且数组的键将是从查询返回的行的名称。
$product_idn=$_GET['prid'];
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
while($fetch=mysql_fetch_assoc($select_image))
{
echo $fetch['image'];
}
print_r ($select_image_array);
BTW, You have a security hole here - SQL Injection. 顺便说一句,您在这里有一个安全漏洞-SQL注入。
解决方案3
0 2012-11-25 01:28:55
Test the following 测试以下
$result = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'")
$select_image = mysql_fetch_assoc($result);
var_dump($select_image);
for more information look at http://se2.php.net/mysql_query 有关更多信息,请参见http://se2.php.net/mysql_query
解决方案4
0 2012-11-25 01:31:12
You just echo $row->image; 您只需回显$ row-> image; Never initialize $select_image_array 永远不要初始化$ select_image_array
解决方案5
0 2012-11-25 01:34:07
print_r ($select_image_array); won't show anything because there is no $select_image_array defined. 由于未定义$select_image_array因此不会显示任何内容。 Did you mean print_r ($select_image); 您的意思是print_r ($select_image); ? ?
Is query() a function you've defined? query()是您定义的函数吗? If not and you don't have errors on you are likely to see nothing. 如果没有,并且您没有错误,则可能什么也看不到。
You also need to sanitize your SQL. 您还需要清理SQL。 Simplest method for now since it's an integer: 现在是最简单的方法,因为它是整数:
$product_idn=(int)$_GET['prid'];
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.