我正在尝试从数据库中的关系表中调用书籍详细信息,mysql 在代码语法中抛出错误。上一页是
<html>
<head>
<title>Retrieve Relationships</title>
</head>
<body>
<dl>
<?php
// Connect to database server
mysql_connect("localhost","","") or die (mysql_error ());
// Select database
mysql_select_db("test") or die(mysql_error());
// Get data from the database depending on the value of the id in the URL
$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
$rs = mysql_query($strSQL)
// Loop the recordset $rs
while($row = mysql_fetch_array($rs)){
// Write the data of the person
echo "<dt>Book One:</dt><dd>" . $row["bookone"] . "</dd>";
echo "<dt>Book Two:</dt><dd>" . $row["booktwo"] . "</dd>";
echo "<dt>Relationship:</dt><dd>" . $row["relationship"] . "</dd>";
echo "<dt>Likes:</dt><dd>" . $row["relationshiplikes"] . "</dd>";
echo "<dt>Dislikes:</dt><dd>" . $row["relationshipdislikes"] . "</dd>";
}
// Close the database connection
mysql_close();
?>
</dl>
<p><a href="search.php">Return to the list</a></p>
</body>
</html>
我试图让页面显示的是 bookone 的代码和 booktwo 的代码,其中 bookones id = bookid
任何帮助将不胜感激
它应该是:
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$_GET['bookone']}'";
虽然,真的,它应该是:
$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
SQL注入:)相当糟糕。
(更不用说如果用户搜索标题中带有撇号的书,它也会无害地中断。
此表似乎不需要联接。您实际上根本没有使用书籍表。看起来您所需要的只是:
SELECT r.bookone, r.booktwo, r.relationship FROM relationships AS r WHERE r.bookone='{$sTitle}'
但稍后您将使用列relationshiplikes
和relationshipdislikes
,您不会使用此查询获取这些列。所以也许你真正想要的是这个:
SELECT r.* FROM relationships AS r WHERE r.bookone='{$sTitle}'