请在我的脚本中帮助我解决此问题。在INSERT查询时,$ article_id返回0,而实际上它是一个非0(1,2,3)的值。
我试图在代码的各个方面回显$article_id,它实际上回应了我想要的东西。但是,一旦我试图回应它之后
isset($_POST['submit'])它没有回应任何东西。
我还检查了我在MySQL表中声明的类型.... int。但仍然在数据库中插入0。
请问问题出在哪里?
感谢您的时间和耐心。
$page_name = 'about';
$id = "";
if (isset($_GET['id']))
{
$id = $_GET['id'];
$past1 = mysql_query("SELECT *
FROM about
WHERE about_id = '".$id."' ");
$row = mysql_fetch_array($past1);
echo "<p>" .$row['about_head']."</p>";
echo $row['about_content'];
$article_id = $row['about_id'] ;
$query6 = mysql_query("SELECT c.comment_body, c.comment_date
FROM comment AS c
INNER JOIN about AS ac ON c.article_id = ac.about_id
WHERE c.article_id = '".$article_id."'
AND page_name = '".page_name."'");
while ($comment = mysql_fetch_assoc($query6))
{
echo "<b>Comment:</b> " . $comment['comment_body'] . "<br/>" ;
echo "<b>Date of Comment:</b> " . $comment['comment_date'];
echo "<br/>" ;
echo "</div>";
}
}
if (isset($_POST['submit']))
{
$comment_body = mysql_real_escape_string($_POST['comment_body']);
if (($comment_body == "")
{
echo "<div class=\"error\" >" ;
echo "One/More Empty Field";
echo "</div>";
}
else
{
$query = "INSERT INTO comment (comment_id, article_id, username, page_name,
comment_body, comment_date)
VALUES (NULL, '".$article_id."', '".$_SESSION['logged_username']."',
'".$page_name."', '".$comment_body."', NOW())";
mysql_query($query);
}
}
答案 0 :(得分:0)
你看到的0实际上是一个未初始化的变量的PHP NULL,当你在SQL中转换为字符串时,它被表示为0。
假设您在第一次加载时检索$_GET['id'],并在另一个页面加载时执行POST,$article_id仅在第一次初始化时进行初始化。除非设置$_GET['id'],否则不会填充它。因此,在第一次加载时将其存储在$_SESSION中,并在处理POST时从那里访问它。
// Inside if (isset($_GET['id']))...
// article_id is retrieved and populated from the first SELECT statement...
$article_id = $row['about_id'] ;
// Store it in $_SESSION (assume session_start() was called somewhere we don't see)
$_SESSION['article_id'] = $article_id;
稍后在您的查询中,从$_SESSION:
$query = "INSERT INTO comment (comment_id, article_id, username, page_name,
comment_body, comment_date)
VALUES (NULL, '".$_SESSION['article_id']."', '".$_SESSION['logged_username']."',
'".$page_name."', '".$comment_body."', NOW())";
根据评论,您似乎已经意识到SQL注入漏洞。一定不要忽视这些。在你去的时候对它们进行编码是很重要的,而不是试图稍后返回并填写适当的转义和边界检查。
答案 1 :(得分:0)
查看代码现在是否有效,如果没有帮助您,请留下评论:
<?php
$page_name = 'about';
$id = "";
if (isset($_GET['id']))
{
$id = $_GET['id'];
$past1 = mysql_query("SELECT *
FROM about
WHERE about_id = '".$id."' ");
$row = mysql_fetch_array($past1);
echo "<p>" .$row['about_head']."</p>";
echo $row['about_content'];
$article_id = $row['about_id'] ;
/* next line is for debugging, check if you got
your $article_id variable populates with a value */
echo "<p>My article_id var value is:" .$article_id."</p>";
$query6 = mysql_query("SELECT c.comment_body, c.comment_date
FROM comment AS c
INNER JOIN about AS ac ON c.article_id = ac.about_id
WHERE c.article_id = '".$article_id."'
AND page_name = '".page_name."'");
while ($comment = mysql_fetch_assoc($query6)) {
echo "<b>Comment:</b> " . $comment['comment_body'] . "<br/>" ;
echo "<b>Date of Comment:</b> " . $comment['comment_date'];
echo "<br/>" ;
echo "</div>";
}
/* I've moved the if POST here since the insertion is based
on the existance of $article_id */
if (isset($_POST['submit'])) {
$comment_body = mysql_real_escape_string($_POST['comment_body']);
if ($comment_body == "") { // here you had a sintax error, one more (: if (($comment_body == "") {
echo "<div class=\"error\" >" ;
echo "One/More Empty Field";
echo "</div>";
} else {
$query = "INSERT INTO comment (comment_id, article_id, username, page_name,
comment_body, comment_date)
VALUES (NULL, '".$article_id."', '".$_SESSION['logged_username']."',
'".$page_name."', '".$comment_body."', NOW())";
mysql_query($query);
}
}
}