我已经尝试过this question中的解决方案,但是mysqli
不支持mysql
。即使有了这些更改,它仍然不返回信息,而是返回一个错误,没有其他信息(从mysqli没有听到任何消息)
我正在尝试做的事情有点类似于链接的问题,但是它在URL中看起来像这样:example.com?view-work=A01
它将在数据库中搜索A01,然后返回名称、描述、图像URL和它的制作日期。
这是我能够使用问题中的答案编写的代码:
<?php
//Establishing a connection to the Artwork Database
mysqli_connect('localhost', 'dbuser', 'dbpassword');
mysqli_select_db('db');
$artworkidentifier = $_GET["view_work"];
//Returning the result, if there is one
$artworkidentifier = mysqli_real_escape_string($artworkidentifier);
$sql = "SELECT * FROM ArtDB WHERE art_refcode = '$artworkidentifier'";
$result = mysqli_query($sql);
if (!$result) {
echo "Something's gone wrong! ".mysqli_error();
}
$data = mysqli_fetch_assoc($result);
echo $data["Artwork_Name"];
echo $data["Artwork_Description"];
echo $data["Artwork_URL"];
echo $data["DateUploaded"];
?>
发布于 2018-06-24 02:08:01
这些错误的原因似乎是我自己的无能,也可能是因为我对PHP和MySQL还不熟悉。我了解到,在添加了OP注释中提到的调试异常后,我需要在一些命令中引用我的连接,以使它们成功处理。
正如有人还指出的,是的,这段代码仍然容易受到其他类型的SQL注入的攻击,我将在最终版本的代码上线之前解决这些问题。
已修复代码:
<?php
//Establishing a connection to the Artwork Database
$link = mysqli_connect('localhost', 'dbusr', 'dbpasswd', 'db');
//Exeptional Debugging
ini_set('display_errors', 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
if (!$link) {
echo "Error: Unable to connect to MySQL!";
echo "Error No.".mysqli_connect_errno();
echo "Error in question: ".mysqli_connect_error();
exit;
}
$artworkidentifier = $_GET["view_work"];
//Returning the result, if there is one
$artworkidentifier = mysqli_escape_string($link, $artworkidentifier);
$sql = "SELECT * FROM ArtDB WHERE art_refcode = '$artworkidentifier'";
$result = mysqli_query($link, $sql);
if (!$result) {
echo "Something's gone wrong!"; //This line will be changed later to sound more professional
}
$data = mysqli_fetch_assoc($result);
echo $data["Artwork_Name"];
echo $data["Artwork_Description"];
echo $data["Artwork_URL"];
echo $data["DateUploaded"];
?>
https://stackoverflow.com/questions/51003591
复制相似问题