0

我正在尝试创建一个脚本,该脚本在浏览器 URL p 中获取变量,并在列 playername 中查询与变量 p 匹配的任何内容,但它仍然不起作用,任何人都知道我做错了什么,我一直在摆弄这个几个小时..

<!DOCTYPE html>
<html lang="en">
 <head>
    <meta charset="utf-8">
    <title>Admin Panel</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
    <link href="http://example.com/assets/css/bootstrap.css" rel="stylesheet">
    <link href="http://example.com/assets/css/docs.css" rel="stylesheet">
    <link href="http://example.com/assets/js/google-code-prettify/prettify.css" rel="stylesheet">

<center>

<?php

$con = mysql_connect("","","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("log", $con);

$plyr=$_GET["p"];

$result = mysql_query('SELECT * FROM logs_chat WHERE playername="$plyr"');

echo '
            <table class="table">
              <thead>
                <tr>
                  <th>Time</th>
                  <th>Player</th>
                  <th>Message</th>
                </tr>
              </thead>
              <tbody>
';

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['time'] . "</td>";
  echo "<td>" . $row['playername'] . "</td>";
  echo "<td>" . $row['text'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>

</center>
    <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
    <script src="http://example.com/assets/js/jquery.js"></script>
    <script src="http://example.com/assets/js/google-code-prettify/prettify.js"></script>
    <script src="http://example.com/assets/js/bootstrap-transition.js"></script>
    <script src="http://example.com/assets/js/bootstrap-alert.js"></script>
    <script src="http://example.com/assets/js/bootstrap-modal.js"></script>
    <script src="http://example.com/assets/js/bootstrap-dropdown.js"></script>
    <script src="http://example.com/assets/js/bootstrap-scrollspy.js"></script>
    <script src="http://example.com/assets/js/bootstrap-tab.js"></script>
    <script src="http://example.com/assets/js/bootstrap-tooltip.js"></script>
    <script src="http://example.com/assets/js/bootstrap-popover.js"></script>
    <script src="http://example.com/assets/js/bootstrap-button.js"></script>
    <script src="http://example.com/assets/js/bootstrap-collapse.js"></script>
    <script src="http://example.com/assets/js/bootstrap-carousel.js"></script>
    <script src="http://example.com/assets/js/bootstrap-typeahead.js"></script>
    <script src="http://example.com/assets/js/bootstrap-affix.js"></script>
    <script src="http://example.com/assets/js/application.js"></script>
</body>
</html>
4

2 回答 2

1

问题就在这里,

$result = mysql_query('SELECT * FROM logs_chat WHERE playername="$plyr"');

$plyr被认为是字符串而不是变量,PHP 不会解析任何单引号' '。您需要连接变量。

改成,

$result = mysql_query('SELECT * FROM logs_chat WHERE playername="'.$plyr.'"');

更新:

不要使用mysql_*函数,它们很快就会被弃用。使用 PDO 或 mysqli 连接数据库。当心 SQL INJECTIONS,$_GET["p"]没有经过验证,并且您的代码可能存在弱点。尝试准备好的语句或 mysqli_real_escape_string 或 PDO::quote。

于 2012-12-10T02:52:54.867 回答
1

您是否尝试在表格名称周围加上单引号?

形式:$result = mysql_query('SELECT * FROM logs_chat WHERE playername="$plyr"');

至:$result = mysql_query("SELECT * FROM logs_chat WHERE playername='$plyr'");

获取变量时也不要忘记使用mysql_real_escape_string 。$_GET

于 2012-12-10T03:45:06.850 回答