categories.php页面不从DATABASE收集数据(categories.php page is not collecting data from DATABASE)
我的类别名称是我的导航栏。 我想在categories.php页面上显示“categoryname”,而我点击任何导航项。
页面与数据库连接 它正在创建动态链接 我检查了SQL查询,它的工作原理//this is categories.php file
<?php require ('includes/dbconnect.php');?>
<?php
if (!isset($_GET['categoryid'])){
header ("location:index.php");
}
$cat_sqli ="SELECT products.productid,products.productname,products.unit,products.price,products.brand,products.productdetails,categories.categoryid,categories.categoryname
FROM products
INNER JOIN categories ON (products.categoryid=categories.categoryid)
FROM products
INNER JOIN categories
ON (products.categoryid=categories.categoryid)
WHERE products.categoryid=".$_GET['categoryid'];
if ($cat_query = mysqli_query ($dbconnect,$cat_sqli)){
$cat_rs=mysqli_fetch_assoc($cat_query);
}
?>
<body>
<h1>Selected category | <?php echo $cat_rs['categoryname'];?></h1>
</body>
My category name is my navigation bar. I want to display "categoryname" on categories.php page while i am clicking any navigation items .
page is connected with database
it is creating dynamic links
i checked the SQL query, its working
//this is categories.php file
<?php require ('includes/dbconnect.php');?>
<?php
if (!isset($_GET['categoryid'])){
header ("location:index.php");
}
$cat_sqli ="SELECT products.productid,products.productname,products.unit,products.price,products.brand,products.productdetails,categories.categoryid,categories.categoryname
FROM products
INNER JOIN categories ON (products.categoryid=categories.categoryid)
FROM products
INNER JOIN categories
ON (products.categoryid=categories.categoryid)
WHERE products.categoryid=".$_GET['categoryid'];
if ($cat_query = mysqli_query ($dbconnect,$cat_sqli)){
$cat_rs=mysqli_fetch_assoc($cat_query);
}
?>
<body>
<h1>Selected category | <?php echo $cat_rs['categoryname'];?></h1>
</body>
最满意答案
除了scaisEdge答案,我想修复你的查询从sql注入漏洞并使用预备语句如下:
//this is categories.php file
<?php require ('includes/dbconnect.php');?>
<?php
if (!isset($_GET['categoryid'])){
header ("location:index.php");
}
$array_of_result = [];
$cat_sqli ="SELECT
products.productid
,products.productname
,products.unit
,products.price
,products.brand
,products.productdetails
,categories.categoryid
,categories.categoryname
FROM products
INNER JOIN categories ON products.categoryid=categories.categoryid
WHERE products.categoryid=?";
$stmt = $dbconnect->prepare($cat_sqli);
if($stmt){
$stmt->bind_param('i', filter_input(INPUT_GET, 'categoryid', FILTER_VALIDATE_INT));
if($stmt->execute()){
$result = $stmt->get_result();
$num_of_rows = $result->num_rows;
if($num_of_rows>0){
while ($row = $result->fetch_assoc()) {
$array_of_result[] = $row;
}
}
$stmt->free_result();
$stmt->close();
}
}
?>
<body>
<h1>Selected category |
<?php
if(!empty($array_of_result)){
foreach($array_of_result as $r){
echo $r['categoryname'];
break;
}
}
</h1>
</body>
in addition to scaisEdge answer, I want to fix your query from sql injection vulnerability and use prepared statements as follow:
//this is categories.php file
<?php require ('includes/dbconnect.php');?>
<?php
if (!isset($_GET['categoryid'])){
header ("location:index.php");
}
$array_of_result = [];
$cat_sqli ="SELECT
products.productid
,products.productname
,products.unit
,products.price
,products.brand
,products.productdetails
,categories.categoryid
,categories.categoryname
FROM products
INNER JOIN categories ON products.categoryid=categories.categoryid
WHERE products.categoryid=?";
$stmt = $dbconnect->prepare($cat_sqli);
if($stmt){
$stmt->bind_param('i', filter_input(INPUT_GET, 'categoryid', FILTER_VALIDATE_INT));
if($stmt->execute()){
$result = $stmt->get_result();
$num_of_rows = $result->num_rows;
if($num_of_rows>0){
while ($row = $result->fetch_assoc()) {
$array_of_result[] = $row;
}
}
$stmt->free_result();
$stmt->close();
}
}
?>
<body>
<h1>Selected category |
<?php
if(!empty($array_of_result)){
foreach($array_of_result as $r){
echo $r['categoryname'];
break;
}
}
</h1>
</body>
更多推荐
发布评论