Not sure if .htaccess file is correct. Also some fetch problems from mySQL

时间:2016-04-21 22:24:46

标签: php mysql .htaccess

I have som problems with getting data from my mySQL database after i implemented a more clean URL path.

Instead of: www.example.com/index.php?id=headline

I would have this path: www.example.com/article/headline

My .htaccess file is looking like this, and the path seems to work:

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f


RewriteCond %{THE_REQUEST} (\s|%20)
RewriteRule ^([^\s%20]+)(?:\s|%20)+([^\s%20]+)((?:\s|%20)+.*)$ $1-$2$3 [N,DPI]
RewriteRule ^([^\s%20]+)(?:\s|%20)+(.*)$ /$1-$2 [L,R=301,DPI]

RewriteRule ^article/(.*)/?$ index.php?id=$1 [NC,L]

RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|ico|css|js)$

Then this is the link you have to click at, for coming to the article-page:

<a href="article/'. urldecode($row["overskrift"]) .'">

And the fetching from this $row is going smoothly.

The problem is when i then have to $_GET the id, it is like it won't fetch the next step properbly:

if(isset($_GET['id'])) { 
   $id = $_GET['id'];
   $DB = "SELECT * FROM post WHERE overskrift = " . $id;
   $fetch=$conn->query($DB);
   $blogpost = $fetch->fetch_assoc();

An error appear on the last line, and i have struggled with this in about 3 hours now, but i really can't find the area where there is something wrong! I can click on the link on the article on my frontpage, however i get this error when i am trying to enter an article:

Fatal error: Call to a member function fetch_assoc() on a non-object in /var/www/web/xxxxxxx/xxxxx.com/index.php on line 198

I hope someone can help.

1 个答案:

答案 0 :(得分:1)

添加一个前导/重写规则匹配:

it('returns http 200', function (done) {
        chai
        .request(baseUrl)
        .get('/api/')
        .set('Authorization', 'Basic abc')
        .query({val:'hey'})
        .end(function(err, res) {
            expect(res).to.have.status(200);

            var json = res.text;

            console.log('val: '+ JSON.parse(json.body));
            var val = json.body.value.total; //undefined
            expect(val.to.be.above(0)); //fails
            done();
        });
    });

请注意,这会将RewriteRule ^/article/(.*)/?$ index.php?id=$1 [NC,L] 重写为www.example.com/article/headline/something/else/,如果不需要,请使用限制性更强的字符集(例如www.example.com/index.php?id=headline/something/else)而不是[A-z0-9_\- \.]

至于SQL,肯定建议使用PDO或类似的方法来参数化来自请求变量的任何内容。在使用变量之前,还值得对变量进行一些filter/sanitize

值得在运行之前输出您的SQL,这样您就可以看到它正如您所期望的那样。还可以尝试复制该输出并直接在mysql命令行或通过PHPMyAdmin(或其他类似工具)运行它,看看你是否得到了你期望的数据。

.*

修改

看到你的回答。您的SQL的问题在于您传递的是字符串,而不是将其封装在SQL中(注意PDO参数化会自动为您提供)。您的SQL行应为:

if(isset($_GET['id'])) { 
   $id = $_GET['id'];
   $DB = "SELECT * FROM post WHERE overskrift = " . $id;
   echo '<pre>' . $DB . </pre>;
   $fetch=$conn->query($DB);
   $blogpost = $fetch->fetch_assoc();

但是认真......不要这样做。参数化它!

相关问题
最新问题