php - 变量返回 0 而不是实际值

Question

请在我的脚本中帮助我解决这个问题。在 INSERT 查询时 $article_id 返回 0，而实际上它不是 0 (1, 2, 3)。

我试图$article_id在代码的各个点回显，它实际上回显了我想要的。但是一旦我试图在 isset($_POST['submit'])它没有回显任何东西之后回显它。

我还检查了我在 MySQL 表中声明的类型....int。但仍将 0 插入数据库。

请问问题可能出在哪里？

感谢您的时间和耐心。

$page_name = 'about'; 
$id = "";
if (isset($_GET['id'])) 
{
    $id = $_GET['id'];  
    $past1 = mysql_query("SELECT *
                          FROM about
                          WHERE about_id =  '".$id."' "); 
    $row = mysql_fetch_array($past1);

    echo "<p>" .$row['about_head']."</p>";      
    echo   $row['about_content'];  

    $article_id = $row['about_id'] ;  

    $query6 = mysql_query("SELECT c.comment_body, c.comment_date
                           FROM comment AS c
                           INNER JOIN about AS ac ON c.article_id = ac.about_id
                           WHERE   c.article_id =  '".$article_id."'
                           AND page_name = '".page_name."'");

   while ($comment = mysql_fetch_assoc($query6)) 
   {
       echo "<b>Comment:</b> " . $comment['comment_body'] . "<br/>" ;           
       echo "<b>Date of Comment:</b> " . $comment['comment_date'];
       echo "<br/>" ;      
       echo "</div>";  

    }   
}                                          

if (isset($_POST['submit'])) 
{      
    $comment_body = mysql_real_escape_string($_POST['comment_body']);
    if (($comment_body == "")  
    {
        echo "<div class=\"error\" >" ;  
        echo "One/More Empty Field"; 
        echo "</div>";   

    } 
    else 
    { 
        $query = "INSERT INTO comment (comment_id, article_id, username, page_name,
                                       comment_body, comment_date)              
                  VALUES (NULL, '".$article_id."', '".$_SESSION['logged_username']."',
                          '".$page_name."', '".$comment_body."', NOW())";
        mysql_query($query);          

    } 
}

score 0 · Accepted Answer

您看到的 0 实际上是一个 PHP NULL，用于在 SQL 中转换为字符串时表示为 0 的未初始化变量。

假设您$_GET['id']在第一次加载时检索，并在另一个页面加载时执行 POST，$article_id则仅在第一次初始化。$_GET['id']除非设置，否则它不会被填充。因此，$_SESSION在第一次加载时将其存储并在处理 POST 时从那里访问它。

 // Inside if (isset($_GET['id']))...
 // article_id is retrieved and populated from the first SELECT statement...
 $article_id = $row['about_id'] ;
 // Store it in $_SESSION  (assume session_start() was called somewhere we don't see)
 $_SESSION['article_id'] = $article_id;

稍后在您的查询中，从以下位置获取$_SESSION：

 $query = "INSERT INTO comment (comment_id, article_id, username, page_name,
                                   comment_body, comment_date)              
              VALUES (NULL, '".$_SESSION['article_id']."', '".$_SESSION['logged_username']."',
                      '".$page_name."', '".$comment_body."', NOW())";

根据评论，您似乎已经意识到 SQL 注入漏洞。一定不要忽视这些。在你去的时候对它们进行编码是很重要的，而不是试图稍后返回并填写适当的转义和边界检查。

score 0 · Accepted Answer

看看代码现在是否有效，如果不能进一步帮助您，请发表评论：

<?php
$page_name = 'about';
$id = "";
if (isset($_GET['id']))
{
  $id = $_GET['id'];
  $past1 = mysql_query("SELECT *
          FROM about
          WHERE about_id =  '".$id."' ");
  $row = mysql_fetch_array($past1);

  echo "<p>" .$row['about_head']."</p>";
  echo   $row['about_content'];

  $article_id = $row['about_id'] ;
  /* next line is for debugging, check if you got
  your $article_id variable populates with a value */
  echo "<p>My article_id var value is:" .$article_id."</p>";

  $query6 = mysql_query("SELECT c.comment_body, c.comment_date
           FROM comment AS c
           INNER JOIN about AS ac ON c.article_id = ac.about_id
           WHERE   c.article_id =  '".$article_id."'
           AND page_name = '".page_name."'");

  while ($comment = mysql_fetch_assoc($query6)) {
    echo "<b>Comment:</b> " . $comment['comment_body'] . "<br/>" ;
    echo "<b>Date of Comment:</b> " . $comment['comment_date'];
    echo "<br/>" ;
    echo "</div>";
  }
  /* I've moved the if POST here since the insertion is based
  on the existance of $article_id */
  if (isset($_POST['submit'])) {
    $comment_body = mysql_real_escape_string($_POST['comment_body']);
    if ($comment_body == "") { // here you had a sintax error, one more (: if (($comment_body == "") {
    echo "<div class=\"error\" >" ;
    echo "One/More Empty Field";
    echo "</div>";

    } else {
      $query = "INSERT INTO comment (comment_id, article_id, username, page_name,
                             comment_body, comment_date)
        VALUES (NULL, '".$article_id."', '".$_SESSION['logged_username']."',
                '".$page_name."', '".$comment_body."', NOW())";
      mysql_query($query);

    }
  }
}

php - 变量返回 0 而不是实际值

2 回答 2

Related

Reference