我知道我最近发布了很多问题,但是这个问题我在大约1周内无法解决,我尝试了数百万次来检查数据是否存在但仍然没有。搜索,检查了同样的问题,但没有得到提示。所以请告诉我这里有什么问题。我自己尝试一切,但如果我遇到问题,我可以解决一段时间。我在这里寻求帮助。
<!DOCTYPE html>
<html>
<head>
<title>Test Title</title>
</head>
<body>
<?php
class Database{
public $db;
public function __construct($host,$username,$password,$dbname){
$this->db=new MySQLi($host,$username,$password,$dbname);
}
public function getData(){
$query="SELECT * FROM artisan";
$result=$this->db->query($query);
$users=array();
if($result->num_rows>0){
while($row=$result->fetch_assoc()){
$users[]=array(
"id"=>$row['id'],
"username"=>$row['username'],
"email"=>$row['email']
);
}
}else{
echo "No results found!";
}
return $users;
}
public function getContent(){
$query="SELECT * FROM content";
$result=$this->db->query($query);
$values=array();
if($result->num_rows>0){
while($row=$result->fetch_assoc()){
$values[]=array(
"title"=>$row['title'],
"body"=>$row['body']
);
}
}
return $values;
}
public function insertData(){
$title=$_POST['title'];
$query="INSERT INTO content(title,body) VALUES (?,?)";
$result=$this->db->query("SELECT COUNT(*) FROM content WHERE title=$title");
$stmt=$this->db->prepare($query);
$stmt->bind_param("ss",$_POST['title'],$_POST['body']);
if(!empty($_POST['title']) || !empty($_POST['body'])){
if($result->num_rows){
echo "User allready exists";
}else{
$stmt->execute();
}
}
}
private function validate(){
$query="SELECT title and body FROM contents";
$result=$this->db->query($query);
if($result){
echo "hi";
}
}
}
$database=new Database('localhost','root','','test');
$users=$database->getData();
$values=$database->getContent();
$database->insertData();
?>
<style type="text/css">
.container{
text-align:center;
}
table, th, td, {
border: 1px solid black;
}
table{
width:100%;
}
.content{
border:1px solid black;
}
</style>
<div class="container">
<?php
for($i=0;$i<count($values);$i++):
?>
<div class="content">
<?php echo $values[$i]["title"]."<br>"; ?>
<?php echo $values[$i]["body"]."<br>";?>
</div>
<?php endfor;?>
</div>
<table>
<colgroup>
<col span="2" style="background-color:red">
<col style="background-color:yellow">
</colgroup>
<tr>
<th>ID</th>
<th>username</th>
<th>email</th>
</tr>
<tr>
<td><?php foreach($users as $user)
echo $user['id']."<br>";
?></td>
<td><?php foreach($users as $user)
echo $user['username']."<br>";
?></td>
<td><?php foreach($users as $user)
echo $user['email']."<br>";
?></td>
</tr>
</table>
<form action="index.php" method="POST">
<input type="text" name="title">
<input type="text" name="body">
<input type="submit" name="submit">
</form>
</body>
</html>
答案 0 :(得分:0)
&#34; $ result = $ this-&gt; db-&gt; query(&#34; SELECT title FROM content WHERE title =&#39; $ title&#39;&#34;);只是改变了一切这个并且它有效,$结果返回false,所以我试图解决它,但我想添加&#39; &#39;为了$ title解决了idk为什么。 - DummyTarget 12分钟前&#34;
那是因为$title是string literal,需要引用它。你真的应该为一切使用准备好的语句,并且有助于防止潜在的SQL注入。
参考:
调试: