Can INSERT from QUERY_STRING, but can't SELECT the same value from MySQL!

Posted on 2024-10-09 23:58:50

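As you can see, there's probably no reason why it shouldn't be working. I don't know what else I can do, any ideas? Any help is appreciated!

All I am trying to do is check if the value entered at the end of the URL matches one that is in the database (and yes, it IS in the database. :)
Thank you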


The code:

<?php

$keyword = substr($_SERVER['REQUEST_URI'],11);
if($_REQUEST['action'] == "link")
{
    $keyword = $_POST['keyword'];
    $link    = $_POST['link'];

    $connection =
        mysql_connect("my01..com","h","h") or die(mysql_error());

    if($connection)
    {
        mysql_select_db("mysql_17902_h", $connection);

        mysql_query(
            "INSERT INTO mysql_17902_h.links (
               link,
               keyword) VALUES (
                '".$link."',
                  '".$keyword."')") or die(mysql_error());

        $state = true;
    }
}
else
{
    if(!empty($_POST))
    {
        print_r($keyword);
        $connection =
            mysql_connect("my01.h.com","h","h") or die(mysql_error());

        if($connection)
        {
            mysql_select_db("mysql_17902_h") or die(mysql_error());
            $result = mysql_query("SELECT link FROM links WHERE keyword = $keyword")
                or die(mysql_error());

            $row = mysql_fetch_array($result);
            $outsy = $row['link'];
        }
        $state = true;
    }
}
?>


Comments (1)

无边思念无边月 2024-10-16 23:58:50

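Try rewriting your code so it's more legible:

$link = mysql_real_escape_string($_POST['link']);
$keyword = mysql_real_escape_string($_POST['keyword']);

$sql = <<<EOL
INSERT INTO mysql_17902_h.links (link, keyword)
VALUES ('$link', '$keyword')
EOL;

mysql_query($sql) or die(mysql_error());

Note the use of mysql_real_escape_string() to prevent SQL injection attacks, and surrounding the variables with single quotes within the SQL string. You've neglected to do so here:

$result = mysql_query("SELECT link FROM links WHERE keyword = $keyword") or ...
                                                              ^^^^^^^^ 

No quotes around a text-type field is a syntax error. As well, at that point in the code, $keyword contains whatever the substr() call at the top of the script returned, so make sure that substr call actually does what you're intending.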
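
Both points in the answer above (quote or escape the value, and check what substr() really returns) can be handled with a bound parameter, shown here as an added example that is not code from the original post or answer. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline; lookupLink(), the sample rows and the request URIs are constructed for illustration.

```php
<?php
// Added example (not from the original post). SQLite in memory is a stand-in
// for MySQL; lookupLink() is a hypothetical helper; sample data is constructed.

function lookupLink(PDO $db, string $requestUri, int $prefixLen = 11): ?string
{
    // Same extraction as the question: drop the first $prefixLen characters.
    // REQUEST_URI is still percent-encoded, so decode before comparing.
    $keyword = rawurldecode((string) substr($requestUri, $prefixLen));
    if ($keyword === '') {
        return null; // nothing after the prefix, so nothing to look up
    }
    // The placeholder keeps the value out of the SQL text: there are no
    // quotes to forget and the value cannot alter the statement.
    $stmt = $db->prepare('SELECT link FROM links WHERE keyword = ?');
    $stmt->execute([$keyword]);
    $link = $stmt->fetchColumn();
    return $link === false ? null : $link;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (link TEXT, keyword TEXT)');

// INSERT side, parameterized the same way (constructed rows).
$ins = $db->prepare('INSERT INTO links (link, keyword) VALUES (?, ?)');
$ins->execute(['https://example.com/docs', 'docs']);
$ins->execute(['https://example.com/obrien', "o'brien"]);

// The shape of the question's SELECT: the value is pasted in bare, so the
// database parses it as part of the SQL instead of as a string value.
try {
    $db->query('SELECT link FROM links WHERE keyword = docs');
} catch (PDOException $e) {
    echo 'unquoted: ', $e->getMessage(), "\n";
}

// Constructed request URIs with an 11-character prefix ("/index.php?").
var_dump(lookupLink($db, '/index.php?docs'));      // plain keyword
var_dump(lookupLink($db, '/index.php?o%27brien')); // keyword containing a quote
var_dump(lookupLink($db, '/index.php?missing'));   // keyword not in the table
var_dump(lookupLink($db, '/index.php?'));          // empty keyword
```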

