Php mysql没有';我不喜欢我的陈述
我试图从数据库中的relationships表调用book details,mysql在代码语法方面抛出了一个错误。上一页是Php mysql没有';我不喜欢我的陈述,php,mysql,Php,Mysql,我试图从数据库中的relationships表调用book details,mysql在代码语法方面抛出了一个错误。上一页是 <html> <head> <title>Retrieve Relationships</title> </head> <body> <dl> <?php // Connect to database server
<html>
<head>
<title>Retrieve Relationships</title>
</head>
<body>
<dl>
<?php
// Connect to database server
mysql_connect("localhost","","") or die (mysql_error ());
// Select database
mysql_select_db("test") or die(mysql_error());
// Get data from the database depending on the value of the id in the URL
$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
$rs = mysql_query($strSQL)
// Loop the recordset $rs
while($row = mysql_fetch_array($rs)){
// Write the data of the person
echo "<dt>Book One:</dt><dd>" . $row["bookone"] . "</dd>";
echo "<dt>Book Two:</dt><dd>" . $row["booktwo"] . "</dd>";
echo "<dt>Relationship:</dt><dd>" . $row["relationship"] . "</dd>";
echo "<dt>Likes:</dt><dd>" . $row["relationshiplikes"] . "</dd>";
echo "<dt>Dislikes:</dt><dd>" . $row["relationshipdislikes"] . "</dd>";
}
// Close the database connection
mysql_close();
?>
</dl>
<p><a href="search.php">Return to the list</a></p>
</body>
</html>
检索关系
应该是:
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$_GET['bookone']}'";
$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
但事实上,它应该是:
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$_GET['bookone']}'";
$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
情况相当糟糕:)
(更不用说,如果用户搜索标题中带有撇号的书籍,它也会无害地中断。)似乎您不需要此表的联接。实际上,您根本没有使用books表。看起来您所需要的只是:
SELECT r.bookone, r.booktwo, r.relationship FROM relationships AS r WHERE r.bookone='{$sTitle}'
但是,稍后您将使用列relationshiplikes
和relationshipdislikes
,这两个列不是通过此查询获取的。所以也许你真正想要的是:
SELECT r.* FROM relationships AS r WHERE r.bookone='{$sTitle}'
更改为$rs=mysql\u query($strSQL)或die(mysql\u error())
并查看它的含义如果是字符串,则输入查询的变量需要用单引号括起来。另外,您的代码对SQL注入是开放的。您在查询中没有关闭这一个引号:'{$sTitle}
现在这一行代码出现了问题,警告:mysql\u fetch\u array()希望参数1在($row=mysql\u fetch\u array($sTitle)或die(mysql\u error())时关闭($mysql\u error()),谢谢您的帮助@user1393064您仍然需要将$rs传递给mysql\u fetch\u数组,而不是$sTitle$sTitle包含转义的标题,而不是mysql_fetch_数组所需的查询资源。我以前有%rs,但它抛出了一个未定义的错误。我假设您的意思是$rs
,而不是%rs
?如果它们定义在同一个范围内,就不应该这样做。一旦我让bookone和booktwo工作,我计划添加REST,您需要整个关系行吗?然后选择r.*
而不是这些特定的列。我不想显示relationshipid,它仅在系统中用于数据库目的。除此之外,您应该始终只获取您绝对需要的,始终避免*^不同意“始终”