dtpyvb1873 2012-07-09 18:58
浏览 39
已采纳

如果在MySQL / PHP中为空,则隐藏该字段

I have a field called urlOne in my database. I would like it to only echo html if it has a URL as a value. Here is my code:

$id = $_REQUEST['id'];
$query = "SELECT * FROM sites WHERE id = $id LIMIT 1";
$result = mysql_query($query);
$url = $row['urlOne'];
while($row = mysql_fetch_assoc($result)){
    echo "<section class='prop-desc'>";
    echo $desc;
    echo "</section>";
    $result = mysql_query("SELECT * FROM sites WHERE $id LIMIT 1");
    if(!empty($row['urlOne'])){
        echo "<h4 class='cta'><a href='$url'>Launch Site</a></h4>"
    }
}
  • 写回答

2条回答 默认 最新

  • dongqian9013 2012-07-10 08:21
    关注

    Whilst Rab Nawaz's answer worked, it is not really correct.

    The mysql_* functions are no longer maintained and community has begun the deprecation process. Instead you should learn about prepared statements and use either PDO or MySQLi.

    If you cannot decide, this article should help you choose. Though, you should know, that PDO is able to work with different kinds of RDBMS, while MySQLi is made for a specific one. In case you decide to go with PDO, it's recommended you follow this tutorial.

    For your particular case your code should look more like this:-

    $dsn = 'mysql:dbname=dbname;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

try {
    $db = new PDO($dsn, $user, $password);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

$id = someMethodOfValidation($_POST['id']);

    Note:- You should specificy $_POST or $_GET; as $_REQUEST could come from either and you should always know where your input is coming from.

    User input should always be validated, your method leaves you wide open to SQL injection hence the someMethodOfValidation() bit which you will need to write to fit your expected input. In your case it looks like you are expecting an integer value, so your validation could be as simple as $id = (int)$_POST['id'];.

    It is traditional when talking about SQL injection to tell the tale of Little Bobby Tables, so here it is:-

    enter image description here

    To continue your code:-

    $stmt = $db->prepare("SELECT * FROM sites WHERE id=:id");
$stmt->execute(array(':id' => $id));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

foreach($rows as $row){
    if(!empty($row['urlone']){
        echo "<h4 class='cta'><a href='{$row['urlone']}'>Launch Site</a></h4>";
}

    I can't emphasise enough that the code you have above is unsafe and should never be used on a live server. Do not bother learning to use the mysql_* functions, you will be wasting your time. PDO is not hard to learn and is, in fact, quite simple once you get the hang of it. The tutorial linked to above will get you well on the way to using PDO successfully.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 使用EMD去噪处理RML2016数据集时候的原理
  • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大
  • ¥15 Oracle中如何从clob类型截取特定字符串后面的字符
  • ¥15 想通过pywinauto自动电机应用程序按钮,但是找不到应用程序按钮信息
  • ¥15 如何在炒股软件中,爬到我想看的日k线
  • ¥15 seatunnel 怎么配置Elasticsearch
  • ¥15 PSCAD安装问题 ERROR: Visual Studio 2013, 2015, 2017 or 2019 is not found in the system.
  • ¥15 (标签-MATLAB|关键词-多址)
  • ¥15 关于#MATLAB#的问题,如何解决?(相关搜索:信噪比,系统容量)
  • ¥500 52810做蓝牙接受端