用php向查询发送值重写URL
我有以下php,它工作正常,并用正确的id打开detail.php页面用php向查询发送值重写URL,php,.htaccess,Php,.htaccess,我有以下php,它工作正常,并用正确的id打开detail.php页面 <a href="contents/details.php?b_id=<?php echo $business["id"]; ?>" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name
<a href="contents/details.php?b_id=<?php echo $business["id"]; ?>" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name"]; ?></h1></a>
现在尝试更改上述php以使用重写规则,以下是更新的php:
<a href="contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name"]; ?></h1></a>
您的SQL语法有错误;检查手册
对应于您的MySQL服务器版本,以便使用正确的语法
在第1行的“my own business.html”附近
以下是sql查询:
public function getBusiness($business_id) { // If business id null then this function returns whole businesses.
$selectQuery = "SELECT b.name, b.description, b.address_1, b.address_2, b.location, b.ph_office, b.ph_cell, b.fax, b.email, b.website, b.image, b.image_1, b.image_2, b.image_3, b.contact_person, city.name as city, cat.name as category, country.name as country_name, region.name as region_name FROM tbl_business as b INNER JOIN tbl_city as city ON city.id = b.location INNER JOIN tbl_category as cat ON cat.id = b.category_id LEFT OUTER JOIN tbl_country as country ON country.country_iso = b.country_iso INNER JOIN tbl_region as region ON region.id=b.region WHERE b.id = ". $business_id;
//$selectQuery = "SELECT * FROM tbl_business WHERE id=25";
$resultSet = mysql_query($selectQuery) or die(mysql_error());
$dataArray = array();
if(mysql_num_rows($resultSet) > 0) {
$row = mysql_fetch_array($resultSet);
//print_r($row); exit;
if($row["image"] == "") {
$row["image"] = "images/noimage.jpg";
}
else {
$row["image"] = "uploads/". $row["image"];
}
$dataArray = array(
"name" => str_replace("^", "'", $row["name"]),
"description" => str_replace("^", "'", $row["description"]),
"address_1" => str_replace("^", "'", $row["address_1"]),
"address_2" => str_replace("^", "'", $row["address_2"]),
"location" => str_replace("^", "'", $row["location"]),
"ph_office" => str_replace("^", "'", $row["ph_office"]),
"ph_cell" => str_replace("^", "'", $row["ph_cell"]),
"fax" => str_replace("^", "'", $row["fax"]),
"email" => str_replace("^", "'", $row["email"]),
"website" => str_replace("^", "'", $row["website"]),
"image" => $row["image"],
"contact_person" => str_replace("^", "'", $row["contact_person"]),
"city" => $row["city"],
"category" => $row["category"],
"country_name" => $row["country_name"],
"multiple_images" => array($row["image_1"], $row["image_2"], $row["image_3"]),
"reviews" => $this->getAllReviews($business_id),
"region_name" => $row["region_name"]
);
}
return $dataArray;
}
下面是php:
$b_id = $_REQUEST["b_id"];
if($b_id == "") {
header("Location:../index.php");
}
$dal = new DataAccess();
$detailsArray = $dal->getBusiness($b_id);
//print_r($detailsArray["multiple_images"]); exit;
$address = "";
if($detailsArray["address_1"] != "") {
$address .= $detailsArray["address_1"] . ", ";
}
if($detailsArray["address_2"] != "") {
$address .= $detailsArray["address_2"] . ", ";
}
$address .= $detailsArray["city"] . ", " . $detailsArray["region_name"] . ", " . $detailsArray["country_name"];
//echo $address;
?>
注意:如果您的重写规则
RewriteRule ^b_id-([a-zA-Z0-9_-]+)-([0-9]+).html$ contents/details.php?b_id=$2
是的,那么您应该首先回显$business[“name”]
var,然后回显$business[“id”]
:
您有几个错误:首先,您拥有的链接与您的重写规则不匹配,因为它链接到
contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html
您得到的错误与SQL有关(显然)。我怀疑您没有充分清理数据,导致查询无效。同样的事情也可能被攻击者滥用,通过mysql注入暴露机密数据(如密码)或控制您的站点。请参阅,以了解有关此问题以及如何防止此问题的更多信息。我们需要能够查看您传递给MySQL的内容。。。请添加您的查询和php语句,这些语句执行了ear#botsknet,编辑了问题,添加了sql查询+php代码。谢谢,现在这里它的更改:添加了以下内容,但仍然是sql错误:当然,它仍然给出了一个mysql错误。您确实添加了一些信息,因为我的答案和您的sql语句确实容易受到mysql注入的攻击。点击我答案中的最后一个链接。亲爱的sumurai8,你是对的,但这里的问题是url重写,而不是sqlinjection,我是web开发新手,所以,不明白,链接中有什么?如何进行此url重写?不,重写永远不会导致sql错误。代码中的错误可能导致这种情况,或者在本例中,期望输入正常。执行
echo$selectQuery
并将结果字符串复制/粘贴到交互式mysql控制台中。这样,您就可以发现您的查询到底有什么问题<代码>$business\u id似乎包含您不期望的数据。现在这是url:错误如下:“where子句”中的未知列“testing”
RewriteRule ^b_id-([a-zA-Z0-9_-]+)-([0-9]+).html$ contents/details.php?b_id=$2
<a href="contents/details.html?b_id=<?php echo $business["name"]; ?>-<?php echo $business["id"]; ?>.html" ...
RewriteRule ^b_id-([0-9]+)-([a-zA-Z0-9_-]+).html$ contents/details.php?b_id=$1
contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html
/b_id-<?php echo $business["name"]; ?>-<?php echo $business["id"]; ?>.html
$title = 'A Purple PolarBear\'s Meal';
$seo_title = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $title ) );
echo $seo_title; //penguin; I mean: a-purple-polarbear-s-meal