我正在尝试从我的数据库中的关系表中调用书籍详细信息,mysql在代码语法中引发了错误。上一页是
<html>
<head>
<title>Retrieve Relationships</title>
</head>
<body>
<dl>
<?php
// Connect to database server
mysql_connect("localhost","","") or die (mysql_error ());
// Select database
mysql_select_db("test") or die(mysql_error());
// Get data from the database depending on the value of the id in the URL
$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
$rs = mysql_query($strSQL)
// Loop the recordset $rs
while($row = mysql_fetch_array($rs)){
// Write the data of the person
echo "<dt>Book One:</dt><dd>" . $row["bookone"] . "</dd>";
echo "<dt>Book Two:</dt><dd>" . $row["booktwo"] . "</dd>";
echo "<dt>Relationship:</dt><dd>" . $row["relationship"] . "</dd>";
echo "<dt>Likes:</dt><dd>" . $row["relationshiplikes"] . "</dd>";
echo "<dt>Dislikes:</dt><dd>" . $row["relationshipdislikes"] . "</dd>";
}
// Close the database connection
mysql_close();
?>
</dl>
<p><a href="search.php">Return to the list</a></p>
</body>
</html>
我试图让页面显示的是bookone的代码和booktwo的代码,其中bookones id = booksid
任何帮助将不胜感激
答案 0 :(得分:2)
应该是:
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$_GET['bookone']}'";
虽然真的,但应该是:
$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
SQL injection相当糟糕:)。
(更不用说如果用户在标题中搜索带有撇号的书,它也会无害地破坏。)
答案 1 :(得分:0)
您似乎不需要此表的连接。你实际上根本没有使用书籍表。看起来你只需要:
SELECT r.bookone, r.booktwo, r.relationship FROM relationships AS r WHERE r.bookone='{$sTitle}'
但稍后您使用的是relationshiplikes
和relationshipdislikes
列,而您尚未使用此查询。所以也许你真正想要的是:
SELECT r.* FROM relationships AS r WHERE r.bookone='{$sTitle}'