如何在输出记录之前验证来自mysql数据库的查询

时间:2017-11-30 17:59:33

标签: php mysqli

在我的代码中,我尝试在输出结果之前验证查询是否为真我尝试过:

require("init.php");
if(empty($_GET["book"]) && empty($_GET["url"])) {
    $_SESSION["msg"] = 'Request not valid';
    header("location:obinnaa.php");
}
if(isset($_GET["book"]) && isset($_GET["url"])) {
    $book = $_GET['book'];
    $url = $_GET['url'];
    $drs = urldecode("$url");
    $txt = encrypt_decrypt('decrypt', $book);
    if(!preg_match('/(proc)/i', $url)) {
        $_SESSION["msg"] = 'ticket printer has faild';
        header("location:obinnaa.php");
        exit();
    } else {
        $ql = mysqli_query($conn, "select * from books where book='$txt' AND used='loading'");
        $count = mysqli_num_rows($sql);
        if($count < 1) {
            $_SESSION["msg"] = 'Transation has oready been made by a customer please check and try again';
            header("location:obinnaa.php");
            exit();
        }
        while($riow = mysqli_fetch_assoc($ql)) {
            $id = $riow["id"];
            $tqty = $riow["quantity"];
            for($b = 0; $b < $tqty; $b++) {
                $run = rand_string(5);
                $dua .= $run;
            }
        }
        $sql = mysqli_query($conn, "select * from books where book='$txt' AND used='loading'");
        $split = $dua;
        $show_plit = str_split($split, 5);

        $b = 0;

        while($row = mysqli_fetch_assoc($sql)) {
            $id = $row["id"];
            $qty = $row["quantity"];
            $oldB = $b;
            $am = " ";
            for(; $b < $oldB + $qty; $b++) {
                $am .= "$show_plit[$b]";
                $lek = mysqli_query($conn, "UPDATE books SET ticket='$am' WHERE id=$id");
            }
            if($lek) {
                $adr = urlencode($adr = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
                $ty = encrypt_decrypt("encrypt", $txt);
                $vars = array(
                    "book" => $ty,
                    "url" => $adr
                );
                $querystring = http_build_query($vars);
                $adr = "viewbuy.php?" . $querystring;
                header("location: $adr");
            } else {
                $_SESSION["msg"] = 'Transation failed unknow error';
                header("location:obinnaa.php");
            }
        }
    }
}

但我明白了     $_SESSION["msg"]='Transation has oready been made by a customer please check and try again

即使查询是对的,我的错误也是如此。

1 个答案:

答案 0 :(得分:1)

检查查询中的返回变量名称。当它应该是$ sql时,你有$ ql。

$sql = mysqli_query($conn, "select * from books where book='$txt' AND used='loading'");
$count = mysqli_num_rows($sql);

一个好的IDE会标记这一点。 NetBeans是一个很好的免费软件。

公共服务公告: 永远不要直接从URL参数构建SQL查询。始终清理您的输入并(更好)使用SQL调用的参数化查询。您可以使用Google这些主题获取更多信息。