dongyu5482
2017-12-24 15:16
Views: 110
Accepted

PHP variable not working in the else function

So I'm using sql with php but one variable doesn't work. The variable $pagina works in the $sql but not within the else {} ($sql2 and header). The other variables do work ($naam and $bericht). Can anyone spot the mistake?
(Sorry for any possible mistakes in my English.)

<?php
$bericht = $_POST['bericht'];
$pagina = $_GET['id'];
$naam = $_SESSION['login'];
$con = mysqli_connect("host","sql","pw","sql");

// Insert a comment only when a message was posted.
if (empty($bericht)) {
} else {
    // The request values are interpolated directly into the SQL string.
    $sql2="INSERT INTO Comments (bericht_id, naam, bericht) VALUES ('$pagina', '$naam', '$bericht')";
    mysqli_query($con,$sql2);
    header("location:directbericht.php?id=$pagina");
}

// Show the message for this page.
$sql="SELECT * FROM Berichten WHERE id = $pagina";

if ($result=mysqli_query($con,$sql)) {
    while ($obj=mysqli_fetch_object($result)) {
        echo $obj->naam;
        echo "<br><br>";
        echo $obj->bericht;
        echo "<br><br>";
        echo $obj->datum;
        echo "<br><br>";
    }
}

// Show the comments on this message, oldest first.
$sql="SELECT * FROM Comments WHERE bericht_id = $pagina ORDER BY id ASC";

if ($result=mysqli_query($con,$sql)) {
    while ($obj=mysqli_fetch_object($result)) {
        echo "<tr><td><font color='white'>";
        echo $obj->naam;
        echo "<br><br>";
        echo $obj->bericht;
        echo "<br><br>";
        echo $obj->datum;
        echo "<br><br>";
        echo "</font></td></tr>";
    }
}

?>


1 answer

  • douyue1998 2017-12-24 20:17
    Accepted

    There are a couple major things wrong with your code.

    The first, and most important to deal with is how you're inserting data into the database. As it is currently written, you are vulnerable to a SQL injection attack. Please read on how to use mysqli's bind parameters, or better yet, upgrade to PDO.

    Secondly, you're trying to pull data using both $_POST[] and $_GET[] in the same logic path. An http connection will be either a post, get, or some other kind of request. It will never be both. This is likely why it works when you put a number in, but not when you try to use $_GET[].

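One way to apply the bind-parameter advice from the answer above, as an added example that is not part of the original thread. It uses PDO against an in-memory SQLite database (an assumption, so the script runs offline) with the Comments table from the question; `addComment` and `commentsFor` are hypothetical helper names, and the inputs are constructed.

```php
<?php
// Added example: constructed schema and inputs. The in-memory SQLite DSN is an
// assumption so the script runs offline; the real site would use a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Comments (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    bericht_id INTEGER NOT NULL, naam TEXT NOT NULL, bericht TEXT NOT NULL)');

// Hypothetical helper: store one comment using bound parameters.
function addComment(PDO $pdo, $pagina, string $naam, string $bericht): bool
{
    // The id must be a positive integer; anything else is rejected up front.
    $id = filter_var($pagina, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $bericht === '') {
        return false;
    }
    // Placeholders keep the SQL text fixed; the values travel separately as data.
    $stmt = $pdo->prepare(
        'INSERT INTO Comments (bericht_id, naam, bericht)
         VALUES (:pagina, :naam, :bericht)'
    );
    return $stmt->execute([':pagina' => $id, ':naam' => $naam, ':bericht' => $bericht]);
}

// Hypothetical helper: fetch the comments for one message, oldest first.
function commentsFor(PDO $pdo, int $pagina): array
{
    $stmt = $pdo->prepare(
        'SELECT naam, bericht FROM Comments WHERE bericht_id = :pagina ORDER BY id ASC'
    );
    $stmt->execute([':pagina' => $pagina]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed values standing in for $_GET['id'], $_SESSION['login'], $_POST['bericht'].
// The apostrophe would end the quoted string in the concatenated query from the question.
var_dump(addComment($pdo, '7', 'alice', "That's a great post"));
// A non-numeric id never reaches the database.
var_dump(addComment($pdo, '7 OR 1=1', 'alice', 'hello'));
print_r(commentsFor($pdo, 7));
```

The same pattern works with mysqli through `mysqli_prepare` and `mysqli_stmt_bind_param`, which is the other option the answer names.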