我在当前分页中使用了一个get参数,它运行良好。然而,今天我遇到了SQL注入的想法,因此我尝试了mysqli_real_escape_string。当我刷新页面时,在使用get参数的查询中使用fetch_array似乎有问题。
我得到的错误:
Fatal error: Call to a member function fetch_array() on boolean in C:'xampp'htdocs'index.php on line 106
第106行:
while($fetchlistquery = $Listquery->fetch_array()) {
整个代码片段:
// Prepare pagination
$getPage = $LibraryUser->mysqli->real_escape_string($_GET["page"]);
if(isset($getPage)) { $page = $getPage; } else { $page = 1; };
$start_from = ($page-1) * 5;
// Get articles
$Listquery = $LibraryArticle->mysqli->query("SELECT * FROM site_articles ORDER BY id DESC LIMIT $start_from, 5");
while($fetchlistquery = $Listquery->fetch_array()) {
更新:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-5, 5' at line 1
只有当你不在实际页面中时才会发生这种情况,比如?page=1或?page=2.
知道如何让它工作吗?
在执行查询之前尝试检查$page值。避免使用*,使用正确的列名
if ($start_from >= 0)
$query = "SELECT * FROM site_articles ORDER BY id DESC LIMIT $start_from, 5";
else
$query = "SELECT * FROM site_articles ORDER BY id DESC LIMIT 0, 5";
// Get articles
$Listquery = $LibraryArticle->mysqli->query($query);
while($fetchlistquery = $Listquery->fetch_array()) {
您在错误的位置使用isset()函数。您应该先检查是否设置了$_GET['page']
当不存在$_GET['page']时,$LibraryUser->mysqli->real_escape_string($_GET["page"])返回"",然后将其设置为$getPage的值。所以你的isset($getPage)总是TRUE,这就是主要问题。先把它修好,它就会起作用。
if(isset($_GET["page"])) {
$getPage = $LibraryUser->mysqli->real_escape_string($_GET["page"]);
} else {
$getPage = 1;
}
$page = $getPage;