我创建了一个脚本,将一些细节插入到表单中,并在其下方显示插入表中的值。有一个mysql连接应该可以工作。广告表中的插入和选择不起作用!我似乎不明白为什么。我的表是正确创建的,没有错误,因为我已经检查过它的另一个代码。只有这段代码不起作用。
有人能告诉我为什么sql语句不起作用?
<?php
include('header.php');
session_start();
$user = $_SESSION['username'];
mysql_select_db("ladyjoy_fs", mysql_connect("localhost", "root", ""))or die(mysql_error());
$login=mysql_query("select * from user where user_name='$user'")or die(mysql_error());
$row=mysql_fetch_row($login);
$_SESSION['userid'] = $row[0];
?>
<body>
<?php
$users = mysql_query("select * FROM gcm_users")or die(mysql_error());
if ($users != false)
$no_of_users = mysql_num_rows($users);
else
$no_of_users = 0;
;
?>
<center>
</br>
</br>
<div id="container">
<div id="header">
<div class="alert alert-success"><label>Welcome Advertiser</label></div>
</div>
<table>
<thead>
<td>
<tr><a href="index.php">Home</a> | </tr>
<tr><a href="reservation.php">My Advertisements</a> | </tr>
<tr><a href="myaccount.php">My Account</a> | </tr>
<tr><a href="../logout.php">Logout</a> | </tr>
</td>
</thead>
</table>
<br/>
<table class="table table-bordered">
<div class="alert alert-success">Creating New Notifications</div>
</table>
<div style="float:center;">
<h4>New Advertisement</h4>
<h5>No of Devices Registered: <?php echo $no_of_users; ?></h5>
<form id="form1" method="POST" onsubmit="return sendPushNotification()">
<label class="control-label" for="inputEmail">Title</label>
<input type="text" name="ad_title" id="ad_title" class="txt_title" placeholder="Notification Title">
<label class="control-label" for="inputEmail">Description</label>
<input type="text" name="ad_desc" id="ad_desc" class="txt_desc">
<label class="control-label" for="inputEmail">Picture</label>
<input type="text" name="ad_pic" id="ad_pic" placeholder="URL">
<label class="control-label" for="inputEmail">Location</label>
<input type="text" name="ad_location" id="ad_location" placeholder="Venue"><br/>
<input type="hidden" name="regId" value="<?php echo $_SESSION['userid'] ?>"/>
<button type="submit" id="add_supply" name="add_supply" class="btn btn-info">Send Notification</button>
</div>
</form>
<?php
if (isset($_POST['add_supply'])){
$title=$_POST['ad_title'];
$desc=$_POST['ad_desc'];
$url=$_POST['ad_pic'];
$location=$_POST['ad_location'];
$userid=$_POST['regId'];
$sql2 = "insert into advert (title,description,url,location,user_id) values('$title','$desc','$url','$location','$userid')";
mysql_query($sql2)or die(mysql_error());
}
?>
<br/>
<table cellpadding="0" cellspacing="0" border="0" class="table table-striped table-bordered" >
<thead>
<tr>
<th>Advertisement ID</th>
<th>Title</th>
<th>Description</th>
<th>Picture</th>
<th>Location</th>
</tr>
</thead>
<tbody>
<?php
$query=mysql_query("select * from advert where user_id = ".$_SESSION['userid']."")or die("Error at query : "+mysql_error());
while(($row=mysql_fetch_array($query))){
?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['title']; ?></td>
<td><?php echo $row['description']; ?></td>
<td><?php echo $row['url']; ?></td>
<td><?php echo $row['location']; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
</center>
</body>
</html>
答案 0 :(得分:1)
$query=mysql_query("select * from advert where user_id = '".$_SESSION['userid']."' ")or die("Error at query : "+mysql_error());
我认为语法错误。请检查一下。
答案 1 :(得分:0)
或者您可以尝试使用此代码 - &gt;
$user = $_SESSION["username"];
$res = "select * from user where user_name='$user'";
$result = mysql_query($res) or die("query fail to execute".mysql_error());
while($row= mysql_fetch_array($result))
{
$ac= $row['id'];
$a= ("select * FROM gcm_users WHERE user_id='$ac'");
$re = mysql_query($a) or die("wrong query".mysql_error());
while($row= mysql_fetch_array($re))
{
}
}
note-&gt;并且如上所述,您的代码很容易受到sql注入。