我有一个PHP页面(ship_info.PHP),显示数据库中特定船舶的信息。每艘船都按其唯一的ship_id进行排序。
我需要在页面上获得链接,才能按字母顺序转到上一艘船或下一艘船。有人建议我使用一个单独的php文件(称为gotoship.php)
<!--go to previous ship-->
<div class="arrow_shipinfo_left">
<a href="gotoship.php?action=previous&current_ship_id=<?php echo $row_ship_image_info['ship_id']; ?>">
<img src="images/arrow_left.png" width="51" height="57" alt="back" border="none"/>
</a>
</div>
所以我最后得到了一个链接,看起来像"gotoship.php?"?action=上一个¤t_ship_id=7’。我无法让gotoship.php正常工作,有人能告诉我哪里出了问题吗。目前,我收到一个数组到字符串的转换错误。我需要链接到这样的页面(shipinfo.php?ship_id=7)
我的gotoship.php看起来是这样的:
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_ships, $ships);
$query_ships = "SELECT TOP 1 ships.ship_id FROM ship_information INNER JOIN ( SELECT ship_name FROM ship_information WHERE ship_id = $_GET'current_ship_id' ) As current_ship ON ships.ship_name < current_ship.ship_name ORDER BY ships.ship_name ASC";
$ships = mysql_query($query_ships, $ships) or die(mysql_error());
$row_ships = mysql_fetch_assoc($ships);
$totalRows_ships = mysql_num_rows($ships);
echo $current_ship_id;
echo "<br><br>";
?>
这对sql注入是开放的。你应该明白这意味着什么,你应该考虑切换到pdo,或者至少是mysqli。这个查询(只要查询本身是正确的)将根据GET(?ship_id=[the id that goes here]
)中提供的id选择一艘船。
mysql_select_db($database_ships, $ships);
$query_ships = "
SELECT ships.ship_id
FROM ship_information
INNER JOIN (
SELECT ship_name
FROM ship_information
WHERE ship_id = '$_GET[ship_id]')
AS current_ship
ON ships.ship_name < current_ship.ship_name
ORDER BY ships.ship_name ASC";
$ships = mysql_query($query_ships, $ships) or die(mysql_error());
$row_ships = mysql_fetch_assoc($ships);
$totalRows_ships = mysql_num_rows($ships);
echo $current_ship_id;
echo "<br><br>";