MySQL不喜欢我的陈述 - mysql doesn't like my statement

mysql doesn't like my statement

本文关键字：陈述我的不喜欢 MySQL | 更新日期: 2023-09-27

我正在尝试从数据库中的关系表中调用书籍详细信息，mysql 在代码语法中抛出错误。上一页是

  <html>
    <head>
    <title>Retrieve Relationships</title>
    </head>
    <body>
    <dl>
    <?php
    // Connect to database server
    mysql_connect("localhost","","") or die (mysql_error ());
    // Select database
    mysql_select_db("test") or die(mysql_error());
    // Get data from the database depending on the value of the id in the URL
    $title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
     $rs = mysql_query($strSQL)
    // Loop the recordset $rs
    while($row = mysql_fetch_array($rs)){
        // Write the data of the person
        echo "<dt>Book One:</dt><dd>" . $row["bookone"] . "</dd>";
        echo "<dt>Book Two:</dt><dd>" . $row["booktwo"] . "</dd>";
        echo "<dt>Relationship:</dt><dd>" . $row["relationship"] . "</dd>";
        echo "<dt>Likes:</dt><dd>" . $row["relationshiplikes"] . "</dd>";
        echo "<dt>Dislikes:</dt><dd>" . $row["relationshipdislikes"] . "</dd>";
    }
    // Close the database connection
    mysql_close();
    ?>
    </dl>
    <p><a href="search.php">Return to the list</a></p>
    </body>
    </html>

我试图让页面显示的是 bookone 的代码和 booktwo 的代码，其中 bookones id = bookid

任何帮助将不胜感激

它应该是：

$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$_GET['bookone']}'";

虽然，真的，它应该是：

$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";

SQL注入:)相当糟糕。

(更不用说如果用户搜索标题中带有撇号的书，它也会无害地中断。

此表似乎不需要联接。您实际上根本没有使用书籍表。看起来您所需要的只是：

SELECT r.bookone, r.booktwo, r.relationship FROM relationships AS r WHERE r.bookone='{$sTitle}'

但稍后您将使用列relationshiplikes和relationshipdislikes，您不会使用此查询获取这些列。所以也许你真正想要的是这个：

SELECT r.* FROM relationships AS r WHERE r.bookone='{$sTitle}'