我正在尝试使用两个不同的$ _GET语句(在前两个代码块中),然后将它们的值传递给SQL语句(在第三个代码块中),但是它对我来说是错误的。我想知道我是否错误地使用了$ _GET语句?感谢您的帮助!
if (!(isset($_GET['companyselected']))) {
$result = mysqli_query($db, "SELECT DISTINCT Company_ID, CompanyName " . "FROM Company");
$fields = mysqli_fetch_fields($result);
echo "<table style='width:900px'><tr>";
foreach ($fields as $column)
echo "<th>" . $column->name . "</th>";
echo "<th>Select Bus Company</th></tr>";
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr>";
foreach ($row as $field) echo "<td>" . $field . "</td>";
echo "<td><a href=\"" . $_SERVER['PHP_SELF'] . "?companyselected="
. $row['Company_ID'] . "\" style=\"color: green;\">Show Routes</a></td></tr>";
}
echo "</table>";
}
if (isset($_GET['companyselected']))
{
if ($result = mysqli_query($db, "SELECT DISTINCT RouteNum, RouteName FROM Route WHERE Company_ID = " . (int)$_GET['companyselected']))
{
$fields = mysqli_fetch_fields($result);
echo "<table style='width:900px'><tr>";
foreach ($fields as $column)
echo "<th>" . $column->name . "</th>";
echo "<th>Select Bus Company</th></tr>";
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr>";
foreach ($row as $field) echo "<td>" . $field . "</td>";
echo "<td><a href=\"" . $_SERVER['PHP_SELF'] . "?routeselected="
. $row['RouteNum'] . "\" style=\"color: green;\">Display Route</a></td></tr>";
}
echo "</table>";
}
}
//error is within the $result variable below
if (isset($_GET['routeselected']))
{
$result = mysqli_query($db, "SELECT * FROM STOP INNER JOIN RouteStop ON Stop.Stop_ID = RouteStop.Stop_ID WHERE RouteStop.Route_ID = " . (int)$_GET['routeselected'] . " AND RouteStop.Company_ID = " . (int)$_GET['companyselected']);
while ($row = mysqli_fetch_array($result))
echo "{\"title\": '".$row['Stop_ID']."', \"lat\": '".$row['Latitude']."', \"lng\": '".$row['Longitude']."', \"description\": '".$row['StopName']."'},";
}
?>
答案 0 :(得分:0)
尝试更改此行:
if ($result = mysqli_query($db, "SELECT DISTINCT RouteNum, RouteName FROM Route WHERE Company_ID = " . (int)$_GET['companyselected']))
to(添加单引号并删除我想象的int):
if ($result = mysqli_query($db, "SELECT DISTINCT RouteNum, RouteName FROM Route WHERE Company_ID = '" . mysqli_real_escape_string($cxn, $_GET['companyselected']) . "'"))
如果您包含&#39; connect.php&#39;,则可以访问$ cxn文件。
同时尝试更改此行:
$result = mysqli_query($db, "SELECT * FROM STOP INNER JOIN RouteStop ON Stop.Stop_ID = RouteStop.Stop_ID WHERE RouteStop.Route_ID = " . (int)$_GET['routeselected'] . " AND RouteStop.Company_ID = " . (int)$_GET['companyselected']);
为:
$result = mysqli_query($db, "SELECT * FROM STOP INNER JOIN RouteStop ON Stop.Stop_ID = RouteStop.Stop_ID WHERE RouteStop.Route_ID = " . mysqli_real_escape_string($cxn, (int)$_GET['routeselected']) . " AND RouteStop.Company_ID = '" . mysqli_real_escape_string($cxn, $_GET['companyselected']) . "'");
如果路由号码不是字母数字但只是数字,请删除我在建议的编辑中围绕sql $ _GETs放置的单引号。
答案 1 :(得分:0)
非常感谢您的回复!来了解一下,我不得不将(int)$_GET['companyselected']从SQL查询的第一个结果连接到SQL查询的第二个结果,现在它工作得很漂亮。这是带连接的代码:
echo "<td><a href=\"" . $_SERVER['PHP_SELF'] . "?routeselected="
. $row['RouteNum'] . "&companyselected=" . (int)$_GET['companyselected'] . "\" style=\"color: green;\">Display Route</a></td></tr>";
再次感谢!!