我已经尝试过this question中的解决方案,但是mysql的使用已被mysqli取代。即使进行了这些更改,它仍然不会返回信息,而是返回一个错误,并且没有其他任何信息(mysqli没听到任何声音)
我正在尝试做的事情类似于链接的问题,但是在URL中看起来像这样:example.com?view-work=A01它会在数据库中搜索A01,然后返回名称,说明,图片网址和发布日期。
这是我使用问题答案得到的代码:
<?php
//Establishing a connection to the Artwork Database
mysqli_connect('localhost', 'dbuser', 'dbpassword');
mysqli_select_db('db');
$artworkidentifier = $_GET["view_work"];
//Returning the result, if there is one
$artworkidentifier = mysqli_real_escape_string($artworkidentifier);
$sql = "SELECT * FROM ArtDB WHERE art_refcode = '$artworkidentifier'";
$result = mysqli_query($sql);
if (!$result) {
echo "Something's gone wrong! ".mysqli_error();
}
$data = mysqli_fetch_assoc($result);
echo $data["Artwork_Name"];
echo $data["Artwork_Description"];
echo $data["Artwork_URL"];
echo $data["DateUploaded"];
?>
答案 0 :(得分:0)
似乎这些错误的原因是我自己的无能,也可能是我一般来说对PHP和MySQL还是陌生的。我了解到,在添加了OP注释中提到的调试异常之后,需要在某些命令中引用我的连接以使它们成功进行处理。
也有人指出,是的,此代码仍然容易受到其他类型的SQL注入的影响,我将在代码的最终版本发布之前解决这些问题。
固定代码:
<?php
//Establishing a connection to the Artwork Database
$link = mysqli_connect('localhost', 'dbusr', 'dbpasswd', 'db');
//Exeptional Debugging
ini_set('display_errors', 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
if (!$link) {
echo "Error: Unable to connect to MySQL!";
echo "Error No.".mysqli_connect_errno();
echo "Error in question: ".mysqli_connect_error();
exit;
}
$artworkidentifier = $_GET["view_work"];
//Returning the result, if there is one
$artworkidentifier = mysqli_escape_string($link, $artworkidentifier);
$sql = "SELECT * FROM ArtDB WHERE art_refcode = '$artworkidentifier'";
$result = mysqli_query($link, $sql);
if (!$result) {
echo "Something's gone wrong!"; //This line will be changed later to sound more professional
}
$data = mysqli_fetch_assoc($result);
echo $data["Artwork_Name"];
echo $data["Artwork_Description"];
echo $data["Artwork_URL"];
echo $data["DateUploaded"];
?>