我得到以下错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'testing order by id'
这是主页。。
echo "<div ><a href='secondpage.php?title=".urlencode($row['title'])."'>".wordwrap($row['title'], 35, "<br />n", true)."</a></div>";
这是出现错误的第二页。地址栏显示http://localhost/secondpage.php?title=more+testing
<?php
$mydb = new mysqli('localhost', 'root', '', 'test');
$sql = "SELECT * FROM test where urlencode(title) =".$_GET['title']" order by id ";
$result = $mydb->query($sql);
if (!$result) {
echo $mydb->error;
}
?>
<div>
<?php
while( $row = $result->fetch_assoc() ){
echo $row['firstname'];
}
$mydb->close ();
?>
</div>
您想要使用urldecode来解码查询中的编码字符串:
$title = urldecode($_GET['title']);
$sql = "SELECT * FROM test where title = '$title' order by id";
我假设您的test表中有一个名为title的列。我不认为MySQL有urlencode函数,除非你有一个与PHP的urlencode完全相似的过程。
更新:
感谢@GeorgeLund,他指出了SQL注入的要点。我之前在回答你的问题时遗漏了一个重要话题。请看一下:https://www.owasp.org/index.php/SQL_Injection
至少请将您的代码更新为以下内容:
$title = urldecode($_GET['title']);
$title = mysqli_real_escape_string($title); // Addition
$sql = "SELECT * FROM test where title = '$title' order by id";
$sql = "SELECT * FROM test where urlencode(title) ='".$_GET['title']."' order by id ";
像一样尝试
$sql = "SELECT * FROM test WHERE urlencode(title) = ".$_GET['title']." ORDER BY id ";
您错过了.线索语法消失。
据我所知,SQL没有函数urlencode,为什么还要urlencode列名?
还要存储从最后一页接收的编码标题字符串,您应该解码编码标题
这就是我认为你的意图。
$sql = "SELECT * FROM test WHERE title = ".urldecode($_GET['title'])." order by id ";
请使用urldecode 尝试此代码
$sql = "SELECT * FROM test where title =".urldecode($_GET['title'])" order by id ";