1

我正在尝试从我的数据库中的关系表中调用书籍详细信息,mysql 使用代码的语法引发错误。上一页是

  <html>
    <head>
    <title>Retrieve Relationships</title>
    </head>
    <body>

    <dl>

    <?php
    // Connect to database server
    mysql_connect("localhost","","") or die (mysql_error ());

    // Select database
    mysql_select_db("test") or die(mysql_error());

    // Get data from the database depending on the value of the id in the URL
    $title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
     $rs = mysql_query($strSQL)
    // Loop the recordset $rs

    while($row = mysql_fetch_array($rs)){

        // Write the data of the person
        echo "<dt>Book One:</dt><dd>" . $row["bookone"] . "</dd>";
        echo "<dt>Book Two:</dt><dd>" . $row["booktwo"] . "</dd>";
        echo "<dt>Relationship:</dt><dd>" . $row["relationship"] . "</dd>";
        echo "<dt>Likes:</dt><dd>" . $row["relationshiplikes"] . "</dd>";
        echo "<dt>Dislikes:</dt><dd>" . $row["relationshipdislikes"] . "</dd>";

    }

    // Close the database connection
    mysql_close();
    ?>

    </dl>
    <p><a href="search.php">Return to the list</a></p>

    </body>

    </html>

我试图让页面显示的是 bookone 的代码和 booktwo 的代码,其中 bookones id = booksid

任何帮助将不胜感激

4

2 回答 2

2

它应该是:

$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$_GET['bookone']}'";

虽然,真的,它应该是:

$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";

SQL注入相当糟糕:)。

(更不用说如果用户搜索标题中带有撇号的书,它也会无害地破坏。)

于 2012-05-22T00:15:39.427 回答
0

看来您不需要此表的联接。您实际上根本没有使用书桌。看起来您只需要:

SELECT r.bookone, r.booktwo, r.relationship FROM relationships AS r WHERE r.bookone='{$sTitle}'

但后来您正在使用列relationshiplikesrelationshipdislikes并且您没有通过此查询获得这些列。所以也许你真正想要的是:

SELECT r.* FROM relationships AS r WHERE r.bookone='{$sTitle}'
于 2012-05-22T00:30:13.657 回答