douzhu1188
2013-08-28 14:28

PHP - WHERE clause equal to 2 values taken from the URL shows no results?

I am trying to get the results for a specific race at a specific meet.

raceresult.php?meet=<i>August Meet</i>&race=<i>Allowance Fillies 2yo</i>

The meet and race are showing up from the first query and some of the results show. For example:

THIS ONE WORKS

raceresult.php?meet=meet=2013 OJCR Australian Derby&race=Allowance - 9f on turf 3yo

DOES NOT WORK

raceresult.php?meet=2009 Gulfstream Park Grand Opening Meet&race=Flying Stakes - Grade I, 3 yr old+, 8F on dirt

Are there any characters causing an error in the second example? I can go through and fix that issue pretty easily but I'm not really sure what is keeping that URL from working while the other one works great.

My code is as follows.

<?php
// Look up the meet to print its name and date as a heading.
$sql = "SELECT * FROM racing WHERE `meet` = '$meet' LIMIT 1";
$query = mysql_query($sql) or die( mysql_error() . "<br />" . $sql );
while ($row = mysql_fetch_array($query)) {
    $date = $row['date'];
    echo "<h2><strong>$meet</strong> ($date)</h2>";
    echo "<b>$race</b><br>";
}
?>

<?php
// List the finishers for this race at this meet, ordered by place.
$sql = "SELECT * FROM racing WHERE `meet`='$meet' and `race`='$race' ORDER BY place";
$query = mysql_query($sql) or die( mysql_error() . "<br />" . $sql );
while ($row = mysql_fetch_array($query)) {
    $place = $row['place'];
    $horse = $row['horse'];
    $farm = $row['farm'];

    echo "$place. $horse owned by $farm";
}
?>

2 answers

  • douxu0550 8 years ago

    Your second URL is probably incorrect, because + in a URL is decoded to a space character. You need to encode that + as %2B instead, so it'll be treated as a literal +, not a space character.

    Since it's being mangled to a space character, your query string will NEVER match, because you'll be comparing:

    database:   ... Grade I, 3 yr old+, 8F ...
    query   :   ... Grade I, 3 yr old , 8F ...
                                     ^---note the space
    
  • dongque4778 8 years ago

    As a starting point, when creating the GET variables for the URL, they should be passed through urlencode to convert the spaces into something that can be used.

    Once in the script on this page, use urldecode to replace the encoded characters with their normal ones. (This bit might not be required - try it)

    Then pass them through mysql_escape_string to make them play nice and lower the chance of SQL injection.

    Try echoing the created $sql string to the screen or a log so that you can see exactly what is being attempted. This will help with making sure the GET variables are coming through correctly. Also, you can try running this SQL directly in a MySQL session to check that your SQL is correct.

    Finally, stop using mysql_ functions - they're deprecated. mysqli_ or PDO is the way to o

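An added example, not part of the question or of either answer: it reproduces the `+`-to-space decoding described in the first answer and runs the lookup with bound parameters instead of string interpolation. The helper names, table layout and sample row are constructed, and it assumes PHP 7 or later with the PDO SQLite driver.

```php
<?php
// Added example: helper names, schema and the sample row are constructed.

// Build the link; http_build_query() percent-encodes each value ('+' becomes %2B).
function race_link(string $meet, string $race): string
{
    return 'raceresult.php?' . http_build_query(['meet' => $meet, 'race' => $race]);
}

// Decode the query part the way PHP fills $_GET ('+' becomes a space, %2B a '+').
function parse_query(string $url): array
{
    parse_str(explode('?', $url, 2)[1] ?? '', $params);
    return $params;
}

// Look up results with bound parameters; the values never become part of the SQL text.
function race_results(PDO $db, string $meet, string $race): array
{
    $stmt = $db->prepare(
        'SELECT place, horse, farm FROM racing
          WHERE meet = :meet AND race = :race ORDER BY place'
    );
    $stmt->execute([':meet' => $meet, ':race' => $race]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE racing (meet TEXT, race TEXT, place INTEGER, horse TEXT, farm TEXT)');
$meet = '2009 Gulfstream Park Grand Opening Meet';
$race = 'Flying Stakes - Grade I, 3 yr old+, 8F on dirt';
$db->prepare('INSERT INTO racing VALUES (?, ?, ?, ?, ?)')
   ->execute([$meet, $race, 1, 'Sample Horse', 'Sample Farm']);

// Unencoded link, as in the question: the '+' arrives as a space, so no row matches.
$raw = parse_query("raceresult.php?meet=$meet&race=$race");
var_dump($raw['race'] === $race);
var_dump(count(race_results($db, $raw['meet'], $raw['race'])));

// Encoded link: the value round-trips unchanged and the row is found.
$enc = parse_query(race_link($meet, $race));
var_dump($enc['race'] === $race);
var_dump(count(race_results($db, $enc['meet'], $enc['race'])));

// Values taken from the URL are also escaped before being written into HTML.
echo htmlspecialchars($enc['race'], ENT_QUOTES, 'UTF-8'), "\n";
```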