nt.php?no=
<?php
// Connect to MySQL
$link = mysql_connect( 'localhost', '********', '*****' );
if ( !$link ) {
die( 'Could not connect: ' . mysql_error() );
}
// Select the data base
$db = mysql_select_db( '***DB***', $link );
if ( !$db ) {
die ( 'Error selecting database \'test\' : ' . mysql_error() );
}
// Fetch the data
$query = "
SELECT * id
FROM nt where at1='$no'
ORDER BY id ASC";
$result = mysql_query( $query );
// All good?
if ( !$result ) {
// Nope
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die( $message );
}
// Print out rows
while ( $row = mysql_fetch_assoc( $result ) ) {
echo $row['username'];
echo $row['name'];
}
// Close the connection
mysql_close($link);
?>
当我运行此脚本和主机时,用户传递和数据库正常....但是当我尝试像nt.php?no=*****
那样做时,我在echo $row['name']
中没有得到任何信息在$row['username']
选项...
答案 0 :(得分:3)
之前:
// Fetch the data
$query = "
你应该加上这个:
$no = mysql_real_escape_string($_GET['no']);
并替换
SELECT * id
与
SELECT *
答案 1 :(得分:0)
在您的查询中更新
$query = "
SELECT id,username,name,at1
FROM nt where at1='$no'
ORDER BY id ASC";
$result = mysql_query( $query );