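PHP function parameter not working

Time: 2014-10-20 01:43:49

Tags: php html mysql pdo

So, I am trying to get the name of a forum title through a function by using the category_id in the URL.

It is not returning the title. Yes, I am including functions.php.

The link is: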

http://www.dxbridge.com/view_category.php?cid=1

functions.php:

function getForumsCategoriesName($cid) {

    $query = "SELECT * FROM categories WHERE id='" . $cid . "'";

    try {
        global $db;
        // Execute the query against the database
        $stmt = $db->prepare($query); 
        $stmt->execute();
        $result = $stmt->fetchAll();
        foreach($result as $forums) {
            $forumsID = $forums['id'];
            $forumsTitle = $forums['category_title'];
            $forumsTopicAmount = $forums['topic_amount'];
            $forumsCategoriesName = "<h1>" . $forumsTitle . "</h1>";
            echo $forumsCategories3;
        }
    }
    catch(PDOException $ex) { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Error loading names"); 
    }
}

Attempting to get the name from the function:

$cid = $_GET['cid'];
getForumsCategoriesName($cid);

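Also, I know that the variable is being set; it just won't pass through the function.

1 answer:

Answer 0 (score: 1)

You haven't returned or echoed anything (actually you did echo something, an undefined variable). Bind the value; don't inject it directly into the query string: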

function getForumsCategoriesName($cid) 
{ 
    $result = array();
    try {
        global $db;

        // Execute the query against the database
        $query = 'SELECT * FROM categories WHERE id = :cid '; // put a named placeholder
        $stmt = $db->prepare($query); 
        $stmt->bindParam(':cid', $cid); // bind the value
        $stmt->execute();
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $result; // return the values
        // echo $forumsCategories3; // this doesn't make sense, its undefined.
    }
    catch(PDOException $ex) { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Error loading names"); 
    }
}

Then use it like this:

$cid = $_GET['cid'];
$result = getForumsCategoriesName($cid);

foreach($result as $forums) {
    $forumsID = $forums['id'];
    $forumsTitle = $forums['category_title'];
    $forumsTopicAmount = $forums['topic_amount'];
    $forumsCategoriesName = "<h1>" . $forumsTitle . "</h1>";

    echo $forumsID . '<br/>'; // echo everybody else

}
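
The difference between the question's concatenated query and the answer's bound parameter, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database through PDO in place of the site's MySQL connection; the table rows, the sample `cid` values and the function names `categoriesConcatenated` and `categoriesBound` are constructed for illustration, and the integer validation and output escaping go beyond what the answer shows.

```php
<?php
// Constructed stand-in for the forum's `categories` table (assumption: SQLite instead of MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE categories (id INTEGER PRIMARY KEY, category_title TEXT, topic_amount INTEGER)");
$db->exec("INSERT INTO categories (category_title, topic_amount) VALUES
    ('General', 12), ('<b>Staff only</b>', 3)");

// The question's pattern: the request value becomes part of the SQL text itself.
function categoriesConcatenated(PDO $db, $cid): array
{
    $stmt = $db->prepare("SELECT * FROM categories WHERE id='" . $cid . "'");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The answer's pattern, with the id validated as an integer before it is bound.
function categoriesBound(PDO $db, $cid): array
{
    $id = filter_var($cid, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // not an integer: no query is run at all
    }
    $stmt = $db->prepare('SELECT * FROM categories WHERE id = :cid');
    $stmt->bindValue(':cid', $id, PDO::PARAM_INT); // sent as data, never parsed as SQL
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: two ordinary ids and one containing a quote.
$inputs = ['1', "1' OR '1'='1", '2'];
foreach ($inputs as $cid) {
    printf("cid=%-14s concatenated=%d row(s), bound=%d row(s)\n",
        $cid,
        count(categoriesConcatenated($db, $cid)),
        count(categoriesBound($db, $cid)));
}

// Stored titles are data too: escape them when writing HTML.
foreach (categoriesBound($db, '2') as $forums) {
    echo '<h1>' . htmlspecialchars($forums['category_title'], ENT_QUOTES, 'UTF-8') . "</h1>\n";
}
```

With the quoted input the concatenated query matches every row in the table, while the bound version matches none.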