PHP $_GET和MySQL
PHP $_GET和MySQL
提问于 2012-12-10 10:48:53
我正在尝试创建一个脚本,它在浏览器URL p中获取varible,并查询列的playername中匹配varible p的任何内容,但它仍然不起作用,任何人知道我做错了什么我已经摆弄了几个小时了。
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin Panel</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link href="http://example.com/assets/css/bootstrap.css" rel="stylesheet">
<link href="http://example.com/assets/css/docs.css" rel="stylesheet">
<link href="http://example.com/assets/js/google-code-prettify/prettify.css" rel="stylesheet">
<center>
<?php
$con = mysql_connect("","","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("log", $con);
$plyr=$_GET["p"];
$result = mysql_query('SELECT * FROM logs_chat WHERE playername="$plyr"');
echo '
<table class="table">
<thead>
<tr>
<th>Time</th>
<th>Player</th>
<th>Message</th>
</tr>
</thead>
<tbody>
';
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['time'] . "</td>";
echo "<td>" . $row['playername'] . "</td>";
echo "<td>" . $row['text'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
</center>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<script src="http://example.com/assets/js/jquery.js"></script>
<script src="http://example.com/assets/js/google-code-prettify/prettify.js"></script>
<script src="http://example.com/assets/js/bootstrap-transition.js"></script>
<script src="http://example.com/assets/js/bootstrap-alert.js"></script>
<script src="http://example.com/assets/js/bootstrap-modal.js"></script>
<script src="http://example.com/assets/js/bootstrap-dropdown.js"></script>
<script src="http://example.com/assets/js/bootstrap-scrollspy.js"></script>
<script src="http://example.com/assets/js/bootstrap-tab.js"></script>
<script src="http://example.com/assets/js/bootstrap-tooltip.js"></script>
<script src="http://example.com/assets/js/bootstrap-popover.js"></script>
<script src="http://example.com/assets/js/bootstrap-button.js"></script>
<script src="http://example.com/assets/js/bootstrap-collapse.js"></script>
<script src="http://example.com/assets/js/bootstrap-carousel.js"></script>
<script src="http://example.com/assets/js/bootstrap-typeahead.js"></script>
<script src="http://example.com/assets/js/bootstrap-affix.js"></script>
<script src="http://example.com/assets/js/application.js"></script>
</body>
</html>回答 2
Stack Overflow用户
发布于 2012-12-10 10:52:55
问题出在这里,
$result = mysql_query('SELECT * FROM logs_chat WHERE playername="$plyr"');PHP被认为是字符串而不是变量,$plyr不会解析任何带单引号的' '。您需要连接变量。
将其更改为
$result = mysql_query('SELECT * FROM logs_chat WHERE playername="'.$plyr.'"');更新:
不要使用mysql_*函数,它们很快就会被弃用。使用PDO或mysqli连接数据库。当心SQL注入,$_GET["p"]没有经过验证,并且代码中可能存在弱点。尝试准备好的语句或mysqli_real_escape_string或PDO::quote。
Stack Overflow用户
发布于 2012-12-10 11:45:07
您是否尝试过用单引号将表的名称括起来?
表格:$result = mysql_query('SELECT * FROM logs_chat WHERE playername="$plyr"');
收件人:$result = mysql_query("SELECT * FROM logs_chat WHERE playername='$plyr'");
另外,在获取$_GET变量时,不要忘记使用mysql_real_escape_string。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/13794316
复制相关文章
相似问题
腾讯云开发者
