0

我创建了一个连接到数据库的 php 文件,从表中获取数据并以 json 格式显示。

该文件名为 index.php。

要查看 json,我只需转到浏览器中的文件:

http://127.0.0.1/json/index.php and it displays:

{"title":[{"id":"1","title":"Title1","desc":"Description1"},{"id":"2","title":"Title2","desc":"Description2"}]}

我需要做的是能够通过添加以下参数来过滤它:

For example: http://127.0.0.1/json/index.php?id=1 to just show the data with an id of 1 but it still shows all the data.

这是php代码:

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

$result = mysql_query("SELECT * FROM contacts");
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>

我在这里做错了什么或错过了什么?

4

4 回答 4

1 
<?php
    $username = "root";
    $password = "";
    $hostname = "localhost"; 

    //connection to the database
    $dbhandle = mysql_connect($hostname, $username, $password)
    or die("Unable to connect to MySQL");

    $selected = mysql_select_db("mydb",$dbhandle)
    or die("Could not select mydb");

    $id = 0;
    if(isset($_GET['id'])){ $id = (int)$_GET['id']; }

    if(!$id){
        $query = "SELECT * FROM `contacts`";
    } else {
        $query = "SELECT * FROM `contacts` WHERE `id`='".$id."'";
    }
    $result = mysql_query($query);
    $rows = array();
    while($r = mysql_fetch_assoc($result)) {
        $rows['title'][] = $r;
    }
    print json_encode($rows);
?>
于 2012-08-29T08:56:12.593 回答
1

更改以下

$result = mysql_query("SELECT * FROM contacts");


$id = $_REQUEST['id'];

$query = 'SELECT * FROM contacts';

if(is_numeric($id))
    $query .= ' WHERE id = ' . $id;

$result = mysql_query($query);
于 2012-08-29T09:06:52.597 回答
1

一方面,您必须将 WHERE 添加到您的 SQL 语句中......

SELECT * FROM `contacts` WHERE `id` = $id

您在哪里看到id这应该是表中 id 列的名称,无论它可能是什么。但是您还必须先清理输入...

if(!is_numeric($_GET['id']))
    exit; // if not a number then exit

$id = mysql_real_escape_string($_GET['id']); // escape the input

当然这是最基本的错误检查。你可以阐述一下。所以你的代码看起来更像这样......

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

if(!is_numeric($_GET['id']) || !$_GET['id'])
    exit; // if not an integer or id not set then exit

$id = mysql_real_escape_string($_GET['id']); // escape the input

$result = mysql_query("SELECT * FROM contacts WHERE id = $id");
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>

而且您真的不应该使用 root 连接到 Web 应用程序中的数据库。而且米海也是对的,你应该使用 PDO 来代替,但对于这么简单的应用程序来说,它并不是真正需要的。

编辑 但上面的代码需要id输入。如果您希望仍然能够获得整个列表(如果没有id提供),它看起来像这样......

<?php

$username = "root";
$password = "";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

$selected = mysql_select_db("mydb",$dbhandle)
  or die("Could not select mydb");

$sql = "SELECT * FROM `contacts`";

if(isset($_GET['id']) && $_GET['id'] > 0) {
    // if id is set then add the WHERE statement
    if(!is_numeric($_GET['id']))
        die('id must be an integer');  // if id is not an integer then exit
    $id = mysql_real_escape_string((int)$_GET['id']); // escape the input
    $sql .= " WHERE `id` = $id"; // append the WHERE statement to the sql
}


$result = mysql_query($sql);
 $rows = array();
   while($r = mysql_fetch_assoc($result)) {
     $rows['title'][] = $r;
   }

 print json_encode($rows);

?>
于 2012-08-29T09:08:05.807 回答
0

您需要在where查询中添加条件。

$id = (int) $_GET['id'];
$result = mysql_query("SELECT * FROM contacts WHERE id = $id");
于 2012-08-29T08:54:48.000 回答