categories.php页面不从DATABASE收集数据(categories.php page is not collecting data from DATABASE)
我的类别名称是我的导航栏。 我想在categories.php页面上显示“categoryname”,而我点击任何导航项。
页面与数据库连接 它正在创建动态链接 我检查了SQL查询,它的工作原理//this is categories.php file <?php require ('includes/dbconnect.php');?> <?php if (!isset($_GET['categoryid'])){ header ("location:index.php"); } $cat_sqli ="SELECT products.productid,products.productname,products.unit,products.price,products.brand,products.productdetails,categories.categoryid,categories.categoryname FROM products INNER JOIN categories ON (products.categoryid=categories.categoryid) FROM products INNER JOIN categories ON (products.categoryid=categories.categoryid) WHERE products.categoryid=".$_GET['categoryid']; if ($cat_query = mysqli_query ($dbconnect,$cat_sqli)){ $cat_rs=mysqli_fetch_assoc($cat_query); } ?> <body> <h1>Selected category | <?php echo $cat_rs['categoryname'];?></h1> </body>My category name is my navigation bar. I want to display "categoryname" on categories.php page while i am clicking any navigation items .
page is connected with database it is creating dynamic links i checked the SQL query, its working//this is categories.php file <?php require ('includes/dbconnect.php');?> <?php if (!isset($_GET['categoryid'])){ header ("location:index.php"); } $cat_sqli ="SELECT products.productid,products.productname,products.unit,products.price,products.brand,products.productdetails,categories.categoryid,categories.categoryname FROM products INNER JOIN categories ON (products.categoryid=categories.categoryid) FROM products INNER JOIN categories ON (products.categoryid=categories.categoryid) WHERE products.categoryid=".$_GET['categoryid']; if ($cat_query = mysqli_query ($dbconnect,$cat_sqli)){ $cat_rs=mysqli_fetch_assoc($cat_query); } ?> <body> <h1>Selected category | <?php echo $cat_rs['categoryname'];?></h1> </body>最满意答案
除了scaisEdge答案,我想修复你的查询从sql注入漏洞并使用预备语句如下:
//this is categories.php file <?php require ('includes/dbconnect.php');?> <?php if (!isset($_GET['categoryid'])){ header ("location:index.php"); } $array_of_result = []; $cat_sqli ="SELECT products.productid ,products.productname ,products.unit ,products.price ,products.brand ,products.productdetails ,categories.categoryid ,categories.categoryname FROM products INNER JOIN categories ON products.categoryid=categories.categoryid WHERE products.categoryid=?"; $stmt = $dbconnect->prepare($cat_sqli); if($stmt){ $stmt->bind_param('i', filter_input(INPUT_GET, 'categoryid', FILTER_VALIDATE_INT)); if($stmt->execute()){ $result = $stmt->get_result(); $num_of_rows = $result->num_rows; if($num_of_rows>0){ while ($row = $result->fetch_assoc()) { $array_of_result[] = $row; } } $stmt->free_result(); $stmt->close(); } } ?> <body> <h1>Selected category | <?php if(!empty($array_of_result)){ foreach($array_of_result as $r){ echo $r['categoryname']; break; } } </h1> </body>in addition to scaisEdge answer, I want to fix your query from sql injection vulnerability and use prepared statements as follow:
//this is categories.php file <?php require ('includes/dbconnect.php');?> <?php if (!isset($_GET['categoryid'])){ header ("location:index.php"); } $array_of_result = []; $cat_sqli ="SELECT products.productid ,products.productname ,products.unit ,products.price ,products.brand ,products.productdetails ,categories.categoryid ,categories.categoryname FROM products INNER JOIN categories ON products.categoryid=categories.categoryid WHERE products.categoryid=?"; $stmt = $dbconnect->prepare($cat_sqli); if($stmt){ $stmt->bind_param('i', filter_input(INPUT_GET, 'categoryid', FILTER_VALIDATE_INT)); if($stmt->execute()){ $result = $stmt->get_result(); $num_of_rows = $result->num_rows; if($num_of_rows>0){ while ($row = $result->fetch_assoc()) { $array_of_result[] = $row; } } $stmt->free_result(); $stmt->close(); } } ?> <body> <h1>Selected category | <?php if(!empty($array_of_result)){ foreach($array_of_result as $r){ echo $r['categoryname']; break; } } </h1> </body>
更多推荐
发布评论