网址上的PHP / JSON参数

Question

我创建了一个连接数据库的php文件，从表中获取数据并以json格式显示。

名为index.php的文件。

要查看json，我只是转到浏览器中的文件：

http://127.0.0.1/json/index.php and it displays:

{"title":[{"id":"1","title":"Title1","desc":"Description1"},{"id":"2","title":"Title2","desc":"Description2"}]}

我需要做的是能够通过添加以下参数来过滤此内容：

For example: http://127.0.0.1/json/index.php?id=1 to just show the data with an id of 1 but it still shows all the data.

这是PHP代码：

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

$result = mysql_query("SELECT * FROM contacts");
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>

我在这里做错了什么或想念什么？

Answer 1

<?php
    $username = "root";
    $password = "";
    $hostname = "localhost"; 

    //connection to the database
    $dbhandle = mysql_connect($hostname, $username, $password)
    or die("Unable to connect to MySQL");

    $selected = mysql_select_db("mydb",$dbhandle)
    or die("Could not select mydb");

    $id = 0;
    if(isset($_GET['id'])){ $id = (int)$_GET['id']; }

    if(!$id){
        $query = "SELECT * FROM `contacts`";
    } else {
        $query = "SELECT * FROM `contacts` WHERE `id`='".$id."'";
    }
    $result = mysql_query($query);
    $rows = array();
    while($r = mysql_fetch_assoc($result)) {
        $rows['title'][] = $r;
    }
    print json_encode($rows);
?>

Answer 2

更改以下

$result = mysql_query("SELECT * FROM contacts");

至

$id = $_REQUEST['id'];

$query = 'SELECT * FROM contacts';

if(is_numeric($id))
    $query .= ' WHERE id = ' . $id;

$result = mysql_query($query);

Answer 3

对于一个，您必须将WHERE添加到您的SQL语句中。

SELECT * FROM `contacts` WHERE `id` = $id

您在哪里看到id无论该ID是什么，它都应该是表中ID列的名称。 但是您还必须先清理输入内容...

if(!is_numeric($_GET['id']))
    exit; // if not a number then exit

$id = mysql_real_escape_string($_GET['id']); // escape the input

当然，这是最基本的错误检查。 您可以对此进行阐述。 因此您的代码看起来更像这样...

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

if(!is_numeric($_GET['id']) || !$_GET['id'])
    exit; // if not an integer or id not set then exit

$id = mysql_real_escape_string($_GET['id']); // escape the input

$result = mysql_query("SELECT * FROM contacts WHERE id = $id");
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>

而且，您实际上不应该使用root来连接Web应用程序中的数据库。 Mihai也是对的，您应该改用PDO，但是对于这样一个简单的应用程序，它并不是真正必需的。

编辑但以上代码将需要输入id 。 如果您仍希望在没有提供id情况下仍能获取整个列表，则它看起来像这样...

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

$sql = "SELECT * FROM `contacts`";

if(isset($_GET['id']) && $_GET['id'] > 0) {
    // if id is set then add the WHERE statement
    if(!is_numeric($_GET['id']))
        die('id must be an integer');  // if id is not an integer then exit
    $id = mysql_real_escape_string((int)$_GET['id']); // escape the input
    $sql .= " WHERE `id` = $id"; // append the WHERE statement to the sql
}


$result = mysql_query($sql);
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>

Answer 4

您需要where查询中添加where条件。

$id = (int) $_GET['id'];
$result = mysql_query("SELECT * FROM contacts WHERE id = $id");