如何验证来自正确来源的数字$ _GET。
我的网址如下:index.php?page = items& catID = 5
当用户输入类似3的东西时,catID上不存在。我希望它显示错误信息。
$catID = intval($_GET["catID"]);
if($catID) {
$checkSQL = mysql_query("SELECT * FROM category WHERE category_type='2'");
while($checkROW = mysql_fetch_array($checkSQL)) {
$checkCAT != $checkROW["categoryID"];
echo "err msg";
}
到目前为止,我可以提出这个问题,但即使在正确的页面中,它也无法解决错误消息。
谢谢
答案 0 :(得分:0)
哦,我明白了。 while循环中的第一行应该有一个“if”:
while ($checkROW = mysql_fetch_array($checkSQL)) {
if ($checkCAT != $checkROW["categoryID"])
echo "err msg";
答案 1 :(得分:0)
看起来你想要使用mysql_fetch_assoc(),而不是mysql_fetch_array()。
答案 2 :(得分:0)
if($catID) {
实际上只检查catID(或来自$ _GET的catID)是否为非零(非假)。我猜你是否想检查catID是否是从SQL返回的categoryID?
$catID = intval($_GET["catID"]);
checkcat($catID);
function checkcat($check_category) {
$checkSQL = mysql_query("SELECT * FROM category WHERE category_type='2'");
while($checkROW = mysql_fetch_array($checkSQL)) {
if ( $check_category != $checkROW["categoryID"] ) {
echo "err msg";
} else {
echo "not an error message";
}
}
}
阐述你在寻找什么,那么这样的事情呢?
$catID = ($_GET["catID");
if ( !is_numeric($catID) ) {
echo "Not a numeric category!"
} else {
$checkSQLQuery = "SELECT * FROM category WHERE categoryID = '{$catID}' AND category_type='2'"
$resultSQL = mysql_query($checkSQLQuery, $db);
/* NOTE!: Guessing on what your database resouce
pointer is - it isn't included in the origin snippet.
Although, the last opened should be used by default if
this is left out. */
if ( mysql_num_rows($resultSQL) < 1 ) {
echo "Error message, category ID not found"
} else {
echo "Found it!"
}
}