0

在主页中,我希望通过以下链接打开详细信息页面:

<td><a href=details.php?c_id=<?php echo $c_id ?> ><img src="./images/<?php echo $row['cfilename']; ?>" width="90" height="120" alt="" /></a></td>

和 details.php 代码:

<?php
$mysqli = new mysqli("localhost", "joseph", " ", "collectionsdb");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

// get value of object id that was sent from address bar
//$c_id = mysql_real_escape_string(c_id);

    /* Create the prepared statement */
    if ($stmt = $mysqli->prepare("SELECT c_id,ctitle,csubject,creference,cyear,cobjecttype,cmaterial,ctechnic,cwidth,cheight,cperiod,cmarkings,cdescription,csource,cartist,cfilename FROM collections WHERE c_id=$c_id")) {    
    /* Execute the prepared Statement */
    $stmt->execute();

    /* Bind results to variables */
    $stmt->bind_result($c_id,$ctitle,$csubject,$creference,$cyear,$cobjecttype,$cmaterial,$ctechnic,$cwidth,$cheight,$cperiod,$cmarkings,$cdescription,$csource,$cartist,$cfilename);

    /* fetch values */
    while ($rows = $stmt->fetch()) {
     // display records in a table

    // and the table of results  
?>

但是,当我按下链接时, details.php 会打开所有数据。我希望只打开特定 $c_id 变量的数据。我不确定为什么它没有被传递到详细信息页面。在我放置 WHERE 条件的方式中,我收到 c_id 的未定义变量错误。

请问,我错过了什么?

约瑟夫

4

1 回答 1

1

第一的

$mysqli = new mysqli("localhost", "joseph", " ", "collectionsdb");

您正在将空间传递给 db 密码。应该

$mysqli = new mysqli("localhost", "joseph", "", "collectionsdb");

第二

php.ini 中的 global_register 指令是否启用?

如果启用,您指定为查询字符串的变量将作为 $c_id 传递。您可以通过在此页面中写入 php_info() 来检查 register_globals 是否启用。看这里

如果未启用,则需要将查询字符串变量值分配给变量或直接将变量传递给数据库。

风格一:

$c_id = $_GET['c_id'];
$stmt = $mysqli->prepare("SELECT c_id,ctitle,csubject,creference,cyear,cobjecttype,cmaterial,ctechnic,cwidth,cheight,cperiod,cmarkings,cdescription,csource,cartist,cfilename FROM collections WHERE c_id=$c_id"

风格二:

$stmt = $mysqli->prepare("SELECT c_id,ctitle,csubject,creference,cyear,cobjecttype,cmaterial,ctechnic,cwidth,cheight,cperiod,cmarkings,cdescription,csource,cartist,cfilename FROM collections WHERE c_id=$_GET['c_id']"

从样式 1 和 2 的查询字符串中清理您的值.. 可破解。:)

让 register_global 指令启用是不好的。建议,从查询字符串中获取值,对其进行清理并传递给查询。

于 2013-02-13T22:03:31.557 回答