[英]PHP / JSON parameters on url
我创建了一个连接数据库的php文件,从表中获取数据并以json格式显示。
名为index.php的文件。
要查看json,我只是转到浏览器中的文件:
http://127.0.0.1/json/index.php and it displays:
{"title":[{"id":"1","title":"Title1","desc":"Description1"},{"id":"2","title":"Title2","desc":"Description2"}]}
我需要做的是能够通过添加以下参数来过滤此内容:
For example: http://127.0.0.1/json/index.php?id=1 to just show the data with an id of 1 but it still shows all the data.
这是PHP代码:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db("mydb",$dbhandle)
or die("Could not select mydb");
$result = mysql_query("SELECT * FROM contacts");
$rows = array();
while($r = mysql_fetch_assoc($result)) {
$rows['title'][] = $r;
}
print json_encode($rows);
?>
我在这里做错了什么或想念什么?
<?php
$username = "root";
$password = "";
$hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db("mydb",$dbhandle)
or die("Could not select mydb");
$id = 0;
if(isset($_GET['id'])){ $id = (int)$_GET['id']; }
if(!$id){
$query = "SELECT * FROM `contacts`";
} else {
$query = "SELECT * FROM `contacts` WHERE `id`='".$id."'";
}
$result = mysql_query($query);
$rows = array();
while($r = mysql_fetch_assoc($result)) {
$rows['title'][] = $r;
}
print json_encode($rows);
?>
更改以下
$result = mysql_query("SELECT * FROM contacts");
至
$id = $_REQUEST['id'];
$query = 'SELECT * FROM contacts';
if(is_numeric($id))
$query .= ' WHERE id = ' . $id;
$result = mysql_query($query);
对于一个,您必须将WHERE添加到您的SQL语句中。
SELECT * FROM `contacts` WHERE `id` = $id
您在哪里看到id
无论该ID是什么,它都应该是表中ID列的名称。 但是您还必须先清理输入内容...
if(!is_numeric($_GET['id']))
exit; // if not a number then exit
$id = mysql_real_escape_string($_GET['id']); // escape the input
当然,这是最基本的错误检查。 您可以对此进行阐述。 因此您的代码看起来更像这样...
<?php
$username = "root";
$password = "";
$hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db("mydb",$dbhandle)
or die("Could not select mydb");
if(!is_numeric($_GET['id']) || !$_GET['id'])
exit; // if not an integer or id not set then exit
$id = mysql_real_escape_string($_GET['id']); // escape the input
$result = mysql_query("SELECT * FROM contacts WHERE id = $id");
$rows = array();
while($r = mysql_fetch_assoc($result)) {
$rows['title'][] = $r;
}
print json_encode($rows);
?>
而且,您实际上不应该使用root来连接Web应用程序中的数据库。 Mihai也是对的,您应该改用PDO,但是对于这样一个简单的应用程序,它并不是真正必需的。
编辑但以上代码将需要输入id
。 如果您仍希望在没有提供id
情况下仍能获取整个列表,则它看起来像这样...
<?php
$username = "root";
$password = "";
$hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db("mydb",$dbhandle)
or die("Could not select mydb");
$sql = "SELECT * FROM `contacts`";
if(isset($_GET['id']) && $_GET['id'] > 0) {
// if id is set then add the WHERE statement
if(!is_numeric($_GET['id']))
die('id must be an integer'); // if id is not an integer then exit
$id = mysql_real_escape_string((int)$_GET['id']); // escape the input
$sql .= " WHERE `id` = $id"; // append the WHERE statement to the sql
}
$result = mysql_query($sql);
$rows = array();
while($r = mysql_fetch_assoc($result)) {
$rows['title'][] = $r;
}
print json_encode($rows);
?>
您需要where
查询中添加where
条件。
$id = (int) $_GET['id'];
$result = mysql_query("SELECT * FROM contacts WHERE id = $id");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.