Question

我创建了一个连接数据库的php文件，从表中获取数据并以json格式显示。

名为index.php。

的文件

要查看json，我只需转到浏览器中的文件：

http://127.0.0.1/json/index.php and it displays:

{"title":[{"id":"1","title":"Title1","desc":"Description1"},{"id":"2","title":"Title2","desc":"Description2"}]}

我需要做的是通过添加以下参数来过滤它：

For example: http://127.0.0.1/json/index.php?id=1 to just show the data with an id of 1 but it still shows all the data.

这是php代码：

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

$result = mysql_query("SELECT * FROM contacts");
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>

我在这里做错了什么或丢失了什么？

Answer 1

<?php
    $username = "root";
    $password = "";
    $hostname = "localhost"; 

    //connection to the database
    $dbhandle = mysql_connect($hostname, $username, $password)
    or die("Unable to connect to MySQL");

    $selected = mysql_select_db("mydb",$dbhandle)
    or die("Could not select mydb");

    $id = 0;
    if(isset($_GET['id'])){ $id = (int)$_GET['id']; }

    if(!$id){
        $query = "SELECT * FROM `contacts`";
    } else {
        $query = "SELECT * FROM `contacts` WHERE `id`='".$id."'";
    }
    $result = mysql_query($query);
    $rows = array();
    while($r = mysql_fetch_assoc($result)) {
        $rows['title'][] = $r;
    }
    print json_encode($rows);
?>

Answer 2

更改以下

$result = mysql_query("SELECT * FROM contacts");

到

$id = $_REQUEST['id'];

$query = 'SELECT * FROM contacts';

if(is_numeric($id))
    $query .= ' WHERE id = ' . $id;

$result = mysql_query($query);

Answer 3

对于一个你必须在你的SQL语句中添加WHERE ....

SELECT * FROM `contacts` WHERE `id` = $id

如果你看到id，那么这应该是你的表中id列的名称。但是你还必须先对输入进行消毒......

if(!is_numeric($_GET['id']))
    exit; // if not a number then exit

$id = mysql_real_escape_string($_GET['id']); // escape the input

当然这是最基本的错误检查。你可以解释一下。所以你的代码看起来更像......

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

if(!is_numeric($_GET['id']) || !$_GET['id'])
    exit; // if not an integer or id not set then exit

$id = mysql_real_escape_string($_GET['id']); // escape the input

$result = mysql_query("SELECT * FROM contacts WHERE id = $id");
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>

你真的不应该使用root连接到你的网络应用程序中的数据库。 Mihai也是对的，你应该使用PDO，但对于这么简单的应用来说并不是必需的。

修改但上面的代码需要id输入。如果你想在没有提供id的情况下仍然能够获得整个列表，那么它就会像这样......

<?php $username = "root"; $password = ""; $hostname = "localhost"; //connection to the database $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL"); $selected = mysql_select_db("mydb",$dbhandle) or die("Could not select mydb"); $sql = "SELECT * FROM `contacts`"; if(isset($_GET['id']) && $_GET['id'] > 0) { // if id is set then add the WHERE statement if(!is_numeric($_GET['id'])) die('id must be an integer'); // if id is not an integer then exit $id = mysql_real_escape_string((int)$_GET['id']); // escape the input $sql .= " WHERE `id` = $id"; // append the WHERE statement to the sql } $result = mysql_query($sql); $rows = array(); while($r = mysql_fetch_assoc($result)) { $rows['title'][] = $r; } print json_encode($rows); ?>

Answer 4

您需要在查询中添加where条件。

$id = (int) $_GET['id'];
$result = mysql_query("SELECT * FROM contacts WHERE id = $id");

url上的PHP / JSON参数

4 个答案: