从数据库中检索的帖子数据未显示

时间:2018-09-02 20:06:21

标签: php html mysql

我尝试从数据库中检索数据,修复了错误消息,但仍未显示数据,http://localhost/webpage/info.php?post_id=76(帖子ID取决于我单击的帖子)。另外,我知道某些变量没有显示出来,我正在努力将所有内容放置在适当的位置,只是我放置的东西没有显示出来。还有一个到数据库的连接,只是我不会显示整个文件,因为它太大了。

出现问题的函数代码screenshot of error

function single_post(){

    if (isset($_GET['post_id'])) {
        global $con;
        $get_id = $_GET['post_id'];
        $get_posts = "select * from posts where post_id='get_id'";
        $run_posts = mysqli_query($con, $get_posts);
        $row_posts = mysqli_fetch_array($run_posts);

        $post_id = $row_posts['post_id'];
        $user_id = $row_posts['user_id'];
        $post_content = $row_posts['post_content'];
        $post_content2 = $row_posts['post_content2'];
        $price = $row_posts['price'];
        $pclass = $row_posts['pclass'];
        $specificclass = $row_posts['specificclass'];
        $upload_image = $row_posts['upload_image'];
        $post_date = $row_posts['post_date'];

        $user = "select * from users where user_id='$user_id' AND posts='yes'";

        $run_user = mysqli_query($con , $user);
        $row_user = mysqli_fetch_array($run_user);

        $user_name = $row_user['user_name'];
        $user_image = $row_user['user_image'];

        if (isset($_GET['post_id'])) {
            $post_id = $_GET['post_id'];
        }
        $get_posts = "select post_id from users where post_id='$post_id'";
        $run_user = mysqli_query($con,$get_posts);

        $post_id = $_GET['post_id'];
        $post = $_GET['post_id'];
        $get_user = "select * from posts where post_id='$post'";
        $run_user = mysqli_query($con, $get_user);
        $row = mysqli_fetch_array($run_user);

        $p_id = $row['post_id'];

        if ($p_id != $post_id) {
            echo "<script>alert('ERROR')</script>";
        }
        else{
            echo"
            <h2><strong>Información del producto:</strong></h2><br>
            <p><strong>Nombre del producto: </strong>$post_content</p><br>
            <p><strong>Información: </strong>$post_content2</p><br>
            <p><strong>Precio dispuesto a pagar: </strong> $price</p><br>
            <p><strong>Categoría: </strong> $pclass</p><br>
            <p><strong>Subcategoría: </strong> $specificclass</p><br>
            ";
        }

    }
}

1 个答案:

答案 0 :(得分:0)

get_id的代码中有拼写错误。

  $get_posts = "select * from posts where post_id='get_id'";

应该是

  $get_posts = "select * from posts where post_id='$get_id'";

关于安全性,请清理$ _GET值...

如果始终为数字格式,请使用

 is_numeric

进行检查。...

例如。

 if (isset($_GET['post_id'])) {
   $get_id = sanitized($_GET['post_id']); // sanitize with your created code for it....
   if(is_numeric($get_id)){
    global $con;
      // $get_id = $_GET['post_id']; no need of it as we havev declared it above
    $get_posts = "select * from posts where post_id='$get_id'";
       //..... rest code.....




  }else{

 // show error regarding get id.. like not found etc..

  }
相关问题
最新问题