用php向查询发送值重写URL_Php_.htaccess

用php向查询发送值重写URL

php .htaccess

用php向查询发送值重写URL,php,.htaccess,Php,.htaccess,我有以下php，它工作正常，并用正确的id打开detail.php页面 <a href="contents/details.php?b_id=<?php echo $business["id"]; ?>" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name

我有以下php，它工作正常，并用正确的id打开detail.php页面

<a href="contents/details.php?b_id=<?php echo $business["id"]; ?>" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name"]; ?></h1></a>

现在尝试更改上述php以使用重写规则，以下是更新的php：

<a href="contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name"]; ?></h1></a>

您的SQL语法有错误；检查手册对应于您的MySQL服务器版本，以便使用正确的语法在第1行的“my own business.html”附近

以下是sql查询：

public function getBusiness($business_id) { // If business id null then this function returns whole businesses.
    $selectQuery = "SELECT b.name, b.description, b.address_1, b.address_2, b.location, b.ph_office, b.ph_cell, b.fax, b.email, b.website, b.image, b.image_1, b.image_2, b.image_3, b.contact_person, city.name as city, cat.name as category, country.name as country_name, region.name as region_name FROM tbl_business as b INNER JOIN tbl_city as city ON city.id = b.location INNER JOIN tbl_category as cat ON cat.id = b.category_id LEFT OUTER JOIN tbl_country as country ON country.country_iso = b.country_iso INNER JOIN tbl_region as region ON region.id=b.region WHERE b.id = ". $business_id;
    //$selectQuery = "SELECT * FROM tbl_business WHERE id=25";
    $resultSet = mysql_query($selectQuery) or die(mysql_error());
    $dataArray = array();
    if(mysql_num_rows($resultSet) > 0) {
        $row = mysql_fetch_array($resultSet);
        //print_r($row); exit;
        if($row["image"] == "") {
            $row["image"] = "images/noimage.jpg";
        }
        else {
            $row["image"] = "uploads/". $row["image"];
        }
            $dataArray = array(
                "name" => str_replace("^", "'", $row["name"]),
                "description" => str_replace("^", "'", $row["description"]),
                "address_1" => str_replace("^", "'", $row["address_1"]),
                "address_2" => str_replace("^", "'", $row["address_2"]),
                "location" => str_replace("^", "'", $row["location"]),
                "ph_office" => str_replace("^", "'", $row["ph_office"]),
                "ph_cell" => str_replace("^", "'", $row["ph_cell"]),
                "fax" => str_replace("^", "'", $row["fax"]),
                "email" => str_replace("^", "'", $row["email"]),
                "website" => str_replace("^", "'", $row["website"]),
                "image" => $row["image"],
                "contact_person" => str_replace("^", "'", $row["contact_person"]),
                "city" => $row["city"],
                "category" => $row["category"],
                "country_name" => $row["country_name"],
                "multiple_images" => array($row["image_1"], $row["image_2"], $row["image_3"]),
                "reviews" => $this->getAllReviews($business_id),
                "region_name" => $row["region_name"]
            );
    }
    return $dataArray;
}

下面是php：

$b_id = $_REQUEST["b_id"];
if($b_id == "") {
    header("Location:../index.php");
}
$dal = new DataAccess();
$detailsArray = $dal->getBusiness($b_id);

//print_r($detailsArray["multiple_images"]); exit;
$address = "";
if($detailsArray["address_1"] != "") {
    $address .= $detailsArray["address_1"] . ", ";
}

if($detailsArray["address_2"] != "") {
    $address .= $detailsArray["address_2"] . ", ";
}
$address .= $detailsArray["city"] . ", " . $detailsArray["region_name"] . ", " . $detailsArray["country_name"];
//echo $address;
?>

注意：

如果您的重写规则

RewriteRule ^b_id-([a-zA-Z0-9_-]+)-([0-9]+).html$ contents/details.php?b_id=$2

是的，那么您应该首先回显

$business[“name”]

var，然后回显

$business[“id”]

：

您有几个错误：首先，您拥有的链接与您的重写规则不匹配，因为它链接到

contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html

您得到的错误与SQL有关（显然）。我怀疑您没有充分清理数据，导致查询无效。同样的事情也可能被攻击者滥用，通过mysql注入暴露机密数据（如密码）或控制您的站点。请参阅，以了解有关此问题以及如何防止此问题的更多信息。

我们需要能够查看您传递给MySQL的内容。。。请添加您的查询和php语句，这些语句执行了ear#botsknet，编辑了问题，添加了sql查询+php代码。谢谢，现在这里它的更改：添加了以下内容，但仍然是sql错误：当然，它仍然给出了一个mysql错误。您确实添加了一些信息，因为我的答案和您的sql语句确实容易受到mysql注入的攻击。点击我答案中的最后一个链接。亲爱的sumurai8，你是对的，但这里的问题是url重写，而不是sqlinjection，我是web开发新手，所以，不明白，链接中有什么？如何进行此url重写？不，重写永远不会导致sql错误。代码中的错误可能导致这种情况，或者在本例中，期望输入正常。执行

echo$selectQuery

并将结果字符串复制/粘贴到交互式mysql控制台中。这样，您就可以发现您的查询到底有什么问题<代码>$business\u id似乎包含您不期望的数据。现在这是url：错误如下：“where子句”中的未知列“testing”

RewriteRule ^b_id-([a-zA-Z0-9_-]+)-([0-9]+).html$ contents/details.php?b_id=$2

<a href="contents/details.html?b_id=<?php echo $business["name"]; ?>-<?php echo $business["id"]; ?>.html" ...

RewriteRule ^b_id-([0-9]+)-([a-zA-Z0-9_-]+).html$ contents/details.php?b_id=$1

contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html

/b_id-<?php echo $business["name"]; ?>-<?php echo $business["id"]; ?>.html

$title = 'A Purple PolarBear\'s Meal';
$seo_title = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $title ) );
echo $seo_title; //penguin; I mean: a-purple-polarbear-s-meal