dongyu5482 2017-12-24 15:16

PHP variable does not work in the else function

So I'm using sql with php but one variable doesn't work. The variable $pagina works in the $sql but not within the else {} ($sql2 and header). The other variables do work ($naam and $bericht). Can anyone spot the mistake?
(Sorry for any possible mistakes in my English.)

<?php
$bericht = $_POST['bericht'];
$pagina = $_GET['id'];
$naam = $_SESSION['login'];
$con = mysqli_connect("host","sql","pw","sql");

if (empty($bericht)) {
}
else
{
    $sql2="INSERT INTO Comments (bericht_id, naam, bericht) VALUES ('$pagina', '$naam', '$bericht')";
    mysqli_query($con,$sql2);
    header("location:directbericht.php?id=$pagina");
}

$sql="SELECT * FROM Berichten WHERE id = $pagina";

if ($result=mysqli_query($con,$sql))
{
    while ($obj=mysqli_fetch_object($result))
    {
        echo $obj->naam;
        echo "<br><br>";
        echo $obj->bericht;
        echo "<br><br>";
        echo $obj->datum;
        echo "<br><br>";
    }
}

$sql="SELECT * FROM Comments WHERE bericht_id = $pagina ORDER BY id ASC";

if ($result=mysqli_query($con,$sql))
{
    while ($obj=mysqli_fetch_object($result))
    {
        echo "<tr><td><font color='white'>";
        echo $obj->naam;
        echo "<br><br>";
        echo $obj->bericht;
        echo "<br><br>";
        echo $obj->datum;
        echo "<br><br>";
        echo "</font></td></tr>";
    }
}

?>

1 answer

  • douyue1998 2017-12-24 20:17

    There are a couple major things wrong with your code.

    The first, and most important to deal with is how you're inserting data into the database. As it is currently written, you are vulnerable to a SQL injection attack. Please read on how to use mysqli's bind parameters, or better yet, upgrade to PDO.

    Secondly, you're trying to pull data using both $_POST[] and $_GET[] in the same logic path. An http connection will be either a post, get, or some other kind of request. It will never be both. This is likely why it works when you put a number in, but not when you try to use $_GET[].

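The bound-parameter approach the answer recommends, shown as an added example that is not part of the original post or the answerer's own code. It assumes PDO with an in-memory SQLite database (so it runs without a MySQL server) and reuses the question's `Comments` columns; `parsePaginaId`, `addComment` and `fetchComments` are hypothetical helper names, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the page's database: in-memory SQLite, so the
// example runs without a server. For MySQL, change only the DSN and credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Comments (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    bericht_id INTEGER NOT NULL,
    naam TEXT NOT NULL,
    bericht TEXT NOT NULL
)');

// Hypothetical helper: accept only a plain positive integer as the page id.
function parsePaginaId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: values travel separately from the SQL text, so quotes
// or SQL keywords inside them are stored as data and never parsed as SQL.
function addComment(PDO $pdo, int $paginaId, string $naam, string $bericht): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO Comments (bericht_id, naam, bericht) VALUES (:pagina, :naam, :bericht)'
    );
    $stmt->bindValue(':pagina', $paginaId, PDO::PARAM_INT);
    $stmt->bindValue(':naam', $naam);
    $stmt->bindValue(':bericht', $bericht);
    $stmt->execute();
}

function fetchComments(PDO $pdo, int $paginaId): array
{
    $stmt = $pdo->prepare('SELECT naam, bericht FROM Comments WHERE bericht_id = :pagina ORDER BY id ASC');
    $stmt->bindValue(':pagina', $paginaId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

// Constructed sample input: the apostrophe would break the interpolated query.
$pagina = parsePaginaId('7');
addComment($pdo, $pagina, 'dongyu', "it's working");
var_dump(parsePaginaId('7abc')); // trailing text makes the id invalid
foreach (fetchComments($pdo, $pagina) as $obj) {
    echo htmlspecialchars($obj->naam), ': ', htmlspecialchars($obj->bericht), "\n";
}
```

With a MySQL DSN, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server, not the driver, performs the parameter binding.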