0

我正在使用这段代码从数据库中获取数据,我得到$data了正确的获取,但是我没有在这个变量中正确获取数据,$seldata为什么会这样

<?php
    include_once("includes/connection.php");
    include_once("includes/session.php");
    //echo $_SESSION['uid'];
    $sql="SELECT * FROM employee WHERE eid = '{$_GET['id']}'";
    $result=mysql_query($sql);
    $data=mysql_fetch_array($result);
    echo "data".$data;
    $sel_valsql="select * FROM selected_candidate WHERE eid = '{$_GET['id']}'";
    $sresult=mysql_query($sel_valsql);
    $seldata=mysql_fetch_array($sresult);
    echo "seledata".$seldata;       
?>
4

3 回答 3

1

尝试这个,

$sql = "SELECT * FROM employee WHERE eid = '" . $_GET['id'] . "'";

作为旁注,SQL Injection如果值(s)来自外部,则查询很容易受到攻击。请看下面的文章,了解如何预防。通过使用 PreparedStatements,您可以摆脱在值周围使用单引号。

于 2013-01-12T08:00:11.720 回答
1 
<?php
include_once("includes/connection.php");
include_once("includes/session.php");
//echo $_SESSION['uid'];
$sql="SELECT * FROM employee WHERE eid = '".$_GET['id']."'";
$result=mysql_query($sql);
$data=mysql_fetch_array($result);
echo "data".$data;
$sel_valsql="select * FROM selected_candidate WHERE eid = '".$_GET['id']."'";
$sresult=mysql_query($sel_valsql);
$seldata=mysql_fetch_array($sresult);
echo "seledata".$seldata;       
?>

注意:mysql_fetch_array() 返回一个结果数组,因此您需要执行 print_r($seldata) 才能查看结果。

于 2013-01-12T08:11:50.513 回答
0

从where条件中删除单引号,即

$sql="SELECT * FROM employee WHERE eid = {$_GET['id']}";

或这样做:

$sql = "SELECT * FROM employee WHERE eid = '" . $_GET['id'] . "'";
于 2013-01-12T08:04:14.303 回答