嘿伙计们在这里有点麻烦,我不明白为什么我的PHP脚本不起作用。
所以我将首先展示代码,然后回顾我遇到的问题:
include('select-stock.php');
include('db-affinity/header-main.php'); ?>
<?php $carId = $_GET['id']; ?>
<?php
try {
$carview = $db->prepare("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import WHERE FullRegistration = $carId");
} catch (Exception $e) {
echo "Error.";
exit;
}
$cardata = $carview->fetch(PDO::FETCH_ASSOC)
?>
<div class="container">
<div class="row">
<div class="col-md-12 col-sm-12">
<?php echo "$carId"; ?>
<?php echo mysql_errno($carview) ?>
<?php echo '<ul class="overwrite-btstrp-ul other-specs-ul h4-style">
<li>Mileage: '.number_format($cardata["Mileage"]).'</li>
<li>Engine size: '.$cardata["EngineSize"].'cc</li>
</ul>'
?>
</div>
</div>
</div>
<?php include('db-affinity/footer.php') ?>
因此,基本上,如果网址的?id=与我的'FullRegistration'列的一行匹配,那么我试图通过此代码实现的目的是为我的网页提供动态内容。
例如,如果我有这样的网址&#34; www.cars.com/carview.php?id = NG61CWJ&#34;然后我想要我的脚本检查在&#39; FullRegistration&#39;中是否有一行具有该值。我的表的列,然后回显出该行的某些列的结果,就像我的代码中的这个示例一样:
<?php echo '<ul class="overwrite-btstrp-ul other-specs-ul h4-style">
<li>Mileage: '.number_format($cardata["Mileage"]).'</li>
<li>Engine size: '.$cardata["EngineSize"].'cc</li>
</ul>'
?>
理论上
FROM import WHERE FullRegistration = $carId
应该会发生这种情况但是由于某种原因在我的服务器上使用上面的脚本时我得到的结果是nil而不是与我得到的GET id相匹配的行的结果:
里程:0 发动机尺寸:cc
我知道我的代码目前是不安全的,但此时此刻并不是问题。
为什么我可能会返回nil结果的任何想法,我对此表的其他查询已经完美无缺,但是我对此问题感到烦恼,您能否在此代码中看到可能导致此问题的任何内容?
以下是代码块select-stock.php顶部的其他查询,以防这可能是一个问题:
<?php
include('database.php');
try {
$results = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import ORDER BY Make ASC");
} catch (Exception $e) {
echo "Error.";
exit;
}
///carousel-vehicle results
try {
$fourresults = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 0, 4");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$fourresultsone = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 4, 4");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$fourresultstwo = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 8, 4");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$makeFilter = $db->query("SELECT DISTINCT Make FROM import ORDER BY Make ASC");
} catch (Exception $e) {
echo "Error.";
exit;
}
try {
$modelFilter = $db->query("SELECT DISTINCT Model FROM import ORDER BY Make ASC");
} catch (Exception $e) {
echo "Error.";
exit;
}
?>
所有这些查询在实际站点上都能正常运行,因此数据库连接显然正在运行。
答案 0 :(得分:1)
我相信如果您更改这样的代码,它将起作用:
$carview = $db->prepare("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import WHERE FullRegistration = '$carId'");
然而,在继续之前,请确保自己了解SQL injection的危险,否则我可以删除或转储数据库中的每个表,只需将相应的值传递给?id=...
答案 1 :(得分:0)
Antoan代码应该有效;他的答案的第二部分更为重要。如果您的'id'值是数字(我猜)
$_GET['$carId'] = intval($_GET['$carId'])
是一个简单的方法,也是一个很好的开始......