小贝子编程

将 $_POST 代码更新为 php7,是设置问题?



升级到php7后出现此错误,我已经解决了大多数问题。

错误:您的 SQL 语法有错误;请查看手册 对应于您的MySQL服务器版本,以便使用正确的语法 靠近第 1 行的">

这是代码的开头(这似乎是导致问题的原因)。当页面加载时,未设置 $_POST,有一个下拉列表(从 sql1 创建),此结果将馈送到脚本后面的其他 sql 查询中。

<?php include 'connect.php'; ?>
<?php
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
// Perform queries 
$sql1="SELECT Site_ID, Site_name_1 FROM `Sites` ORDER BY `Sites`.`Site_ID` ASC";

这是完整的代码

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
<?php include 'header.php'; ?> 
<div class='container'> 
<?php include 'menu.php'; ?> 
<?php include 'connect.php'; ?>
<?php
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
// Perform queries 
$sql1="SELECT Site_ID, Site_name_1 FROM `Sites` ORDER BY `Sites`.`Site_ID` ASC"; 
//$sql1="SELECT Site_ID, Site_name_1 FROM 'Sites' ORDER BY 'Sites'.'Site_ID' ASC"; 
$sqltable1="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";
$sqltable2="SELECT Aspects.Aspect, Aspect_Pub_join.Pub_ID FROM `Aspects` INNER JOIN `Aspect_Pub_join` ON Aspects.Aspect_ID=Aspect_Pub_join.Aspect_ID WHERE Aspect_Pub_join.Pub_ID=$post_pub"; 
$sqltable3="SELECT Publications.Pub_ID, Questions.Question FROM `Publications` LEFT JOIN `Aspect_Pub_join` ON Publications.Pub_ID=Aspect_Pub_join.Pub_ID LEFT JOIN `Aspect_question_join` ON Aspect_Pub_join.Aspect_ID=Aspect_question_join.Aspect_ID LEFT JOIN `Questions` ON Aspect_question_join.Question_ID=Questions.Question_ID Where Publications.Pub_ID=$post_pub GROUP BY Question ORDER BY Publications.Pub_ID ASC";
$sqltable4="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub"; 
$sqltable5="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub"; 
$result1=mysqli_query($mysqli, $sql1) or die("Error: ".mysqli_error($mysqli));
$result_table1=mysqli_query($mysqli, $sqltable1) or die("Error: ".mysqli_error($mysqli));
$result_table2=mysqli_query($mysqli, $sqltable2) or die("Error: ".mysqli_error($mysqli));
$result_table3=mysqli_query($mysqli, $sqltable3) or die("Error: ".mysqli_error($mysqli));
$result_table4=mysqli_query($mysqli, $sqltable4) or die("Error: ".mysqli_error($mysqli));
$result_table5=mysqli_query($mysqli, $sqltable5) or die("Error: ".mysqli_error($mysqli));

$site_array = array();
while (list($id, $name) = mysqli_fetch_row($result1)) {$site_array[$id] = $name;}

//// Free result set
//mysqli_free_result($result);
function get_options($arr, $current=null) 
{
$opts = '';
foreach ($arr as $k => $v) {
$sel = $k==$current ? 'selected="selected"' : '';
$opts .= "<option value='$k'  $sel>$k $v</option>n";
}
return $opts;
}

?>
<html>
<body>
<br/>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<select name="site" onchange="this.form.submit();">
<?php echo"<option>Select Site</option>";?>
<?php echo get_options($site_array);?>
</select>

</form>
<br/>
<p> Displaying all information for:<?php if(isset($_POST['site'])){echo $_POST['site'];} ?></p>

<div style="void:both;";></div>

<div class='table_holder'>
<div class='table' style='height:100px; margin-right:20px;'>
<table width='100%' align='center' id='table1' class='tablesorter'>
<thead>
<tr>
<th>Publication Title</th>
</tr>
</thead>

<?php while($rows1=mysqli_fetch_array($result_table1)){ ?>
<tr>
<td><?php echo $rows1['ART_TITEL']; ?></td>
</tr>
<?php } ?>
</table>
</div> 
</div> 

<br/><br/>
<div style="void:both;";></div>
<br/><br/>
<div class='table_holder'>
<div class='table' style='height:200px;'>
<table width='100%' align='center' id='table2' class='tablesorter'>
<thead>
<tr>
<th>Aspects</th>
</tr>
</thead>
<?php while($rows2=mysqli_fetch_array($result_table2)){ ?>
<tr>
<td><?php echo $rows2['Aspect']; ?></td>
</tr>
<?php } ?>
</table>
</div> 
</div> 
<br/><br/>
<div style="void:both;";></div>
<br/><br/>
<div class='table_holder'>
<div class='table' style='height:200px;'>
<table width='100%' align='center' id='table3' class='tablesorter'>
<thead>
<tr>
<th>Question</th>
</tr>
</thead>
<?php while($rows3=mysqli_fetch_array($result_table3)){ ?>
<tr>
<td><?php echo $rows3['Question']; ?></td>
</tr>
<?php } ?>
</table>
</div> 
</div> 



<?php include 'footer.php' ?>

看起来您正在将$post_pub设置为字符串(如果它不存在),但在后续语句中比较,就好像它是数字一样

$post_pub = isset($_POST['site']) ?: $_POST['site'] = ''

如果开机自检中不存在,则此处$post_pub将设置为">

当你像这样构建 SQL 时

$sqltable1="SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=$post_pub";

该语句看起来像

SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=

你想要类似的东西的地方

SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` 


SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID=''


SELECT Publications.Pub_ID, Publications.ART_TITEL FROM `Publications` where Pub_ID is null

您还应考虑在查询中使用参数而不是字符串连接,因为您拥有的代码会让您容易受到 SQL 注入攻击。

检查短 if 条件。 似乎,那应该是:

$post_pub = isset($_POST['site']) ? $_POST['site'] : '';

检查此示例:

$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
echo $post_pub; // empty string
$_POST['site'] = 'test';
$post_pub = isset($_POST['site']) ?: $_POST['site'] = '';
echo $post_pub; // true - 1

您是在 db、"true"还是 concrect id 中搜索?

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium