-4

可能重复:
显示来自 MYSQL 的数据;SQL语句错误

我有下面的代码显示来自 MYSQL 数据库的数据(目前正在调查 sql 注入问题)当没有找到结果时我需要插入一条错误消息......不知道在哪里定位它!我已经尝试过代码 if( mysql_num_rows($result) == 0) { echo "No row found!" 但是继续出现语法错误,有人知道代码中的正确位置吗?

-- 

 require 'defaults.php';
 require 'database.php';

 /* get properties from database */

 $property = $_GET['bedrooms'] ;
 $sleeps_min = $_GET['sleeps_min'] ;
 $availability = $_GET['availability'] ;


  $query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' AND sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'";
  $row=mysql_query($query);

  $result = do_query("SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'", $db_connection);

 while ($row = mysql_fetch_assoc($result))
 {
$r[] = $row;
 }

 ?>
4

2 回答 2

0

我在您的代码中发现了一些符合要求的错误

$query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' AND sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'";
$row=mysql_query($query);

你使用bedrooms = '{$bedrooms}'但是$bedrooms is not variable in whole cod it must be $preopery。我对下面给出的代码进行了一些更改,请尝试一下。

        <?php

        require 'defaults.php';
        require 'database.php';

        /* get properties from database */

        /*if get $_GET['bedrooms'] value else ''*/

        if (isset($_GET['bedrooms'])) {
            $property = $_GET['bedrooms'];
        } else {
            $property = '';
        }

        /*if get $_GET['sleeps_min'] value else ''*/

        if (isset($_GET['sleeps_min'])) {
            $sleeps_min = $_GET['sleeps_min'];
        } else {
            $sleeps_min = '';
        }

        /*if get $_GET['availability'] value else ''*/

        if (isset($_GET['availability'])) {
            $availability = $_GET['availability'];
        } else {
            $availability = '';
        }

        $query = "SELECT * FROM `properties` WHERE bedrooms = '" . $property . "' AND sleeps_min = '" . $sleeps_min . "' AND availability = '" . $availability . "'";

        $result = mysql_query($query) or die(mysql_error());

        if ($result) {
            while ($row = mysql_fetch_assoc($result)) {
                $r[] = $row;
            }
        }
        ?>
于 2012-04-26T05:55:36.010 回答
0

var_dump($GET_)调试你是否得到有效的字符串。如果其中任何一个为空白,则查询将尝试匹配空白值而不是NULL. 您应该通过执行以下操作来防止这种情况:

if(!$_GET['bedrooms'] || $_GET['bedrooms'] == ''){
$property = 'NULL';
}//repeat for all three

$query = "SELECT * FROM `properties` WHERE 'bedrooms' = '$bedrooms' AND 'sleeps_min' = '$sleeps_min' AND 'availability' = '$availability'";

代替:

while ($row = mysql_fetch_assoc($result)) {
    $r[] = $row; 
}

你可以简单地做:

$r = mysql_fetch_array($query);

但将其附在条件中以查看您的查询是否找到任何内容:

if(mysql_affected_rows() > 0){
  //your code here will execute when there is at least one result
  $r = mysql_fetch_array($query); 
} 
else{//There was either nothing or an error
  if(mysql_affected_rows() == 0){
    //There were 0 results 
  } 
  if(mysql_affected_rows() == -1) {
    //This executes when there is an error 
    print mysql_error(); //not recommended except to debug
  }
}
于 2012-04-26T05:34:13.423 回答