In php, the values in $ get can be read by mysql?

59 2
<?php
 include("../conn.php");
 if ($_GET[post])
 {
 $sql ="SELECT * FROM message WHERE id = $_GET[post]";
 $query = mysql_query($sql);
 $row = mysql_fetch_array($query);
 }
 if($_POST['submit'])
 {
 $sql ="insert into reply (id,id_p,time,content) values('','$_GET[post]',now(),'$_POST[content]')";
 mysql_query($sql);
 echo"<meta http-equiv=refresh content=0";
 }
?>


$sql ="insert into reply (id,id_p,time,content) values('','$_GET[post]',now(),'$_POST[content]')";

The value of id p is always 0, and the rest of the values are normal, not known.
$ _get [ post ] is the value, and can be used above and below the code, but it cannot be used in this sql statement.

Id [ $ ] [ _get $ a number of methods, such as a;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;?

echo"<meta http-equiv=refresh content=0";

The problem.
4 Answers

122 4

Change the $_GET[post] in the sql to {$_GET['post']}

In addition, you've to enhance the coding habits of the code, this code is indent to look crazy. echo"<meta http-equiv=refresh content=0"; The output of the html isn't closed with >, and the property isn't in double quotation marks. The programmer is qualities are required.

129 4

Change the $_GET[post] in the sql to {$_GET['post']}

In addition, you've to enhance the coding habits of the code, this code is indent to look crazy. echo"<meta http-equiv=refresh content=0"; The output of the html isn't closed with >, and the property isn't in double quotation marks. The programmer is qualities are required.

79 3

First, you need to figure out that sql doesn't perform any of the values submitted by any page;
Second, according to your code, php will resolve the value submitted by your page and generate the sql statement;
Again, your code is very hard to write,,;
Again, please make sure that your page is submitted, whether it's get, or post, if it isn't sure, please use request, get, a later post, and so on;
{$POST['post']} % % finally, when you write complex variables in "", remember to add. like.

Complement:
Confirm whether your page submitted parameter is post
You can print out all the values submitted by the page in the page that you posted, and add the following code at the beginning:
echo <xmp>;
var_dump($_REQUEST);
echo </xmp>;

144 4

First, you need to figure out that sql doesn't perform any of the values submitted by any page;
Second, according to your code, php will resolve the value submitted by your page and generate the sql statement;
Again, your code is very hard to write,,;
Again, please make sure that your page is submitted, whether it's get, or post, if it isn't sure, please use request, get, a later post, and so on;
{$POST['post']} % % finally, when you write complex variables in "", remember to add. like.

Complement:
Confirm whether your page submitted parameter is post
You can print out all the values submitted by the page in the page that you posted, and add the following code at the beginning:
echo <xmp>;
var_dump($_REQUEST);
echo </xmp>;

123 4

Your field is. And it's from 128 ~ 127, and it'll not overflow.
Also, in essence, or ( 10 ) and int ( 1 ) have no difference, so it's generally not that true false or a field of status type, with no int ( 1 ), and you give an int ( 10 ).

Make this watch structure and change it.

$sql ="alter table reply change id id int(10) NOT NULL AUTO_INCREMENT";
mysql_query($sql) or die(mysql_error());
$sql ="alter table reply change id_p id_p int(10) NOT NULL";
mysql_query($sql) or die(mysql_error());

Then change the code so that all the information is read out.

if($_POST['submit'])
{
 $sql ="insert into reply (id_p,time,content) values('{$_GET['post']}',now(),'{$_POST['content']}')";
 echo $sql;
 mysql_query($sql) or die(mysql_error());
 $sql ="select * from reply order by id DESC limit 1";
 $query = mysql_query($sql);
 $result = mysql_fetch_array($query);
 var_dump($result);
//echo"<meta http-equiv=refresh content=0/>";
}

There are so many problems with sql:

  • Since id is already a primary key, it isn't explicitly inserted in the sql.
  • A variable in double quotation marks is best enclosed in % 7b %.
  • MySQL query to perform error handling such as or die ( mysql_error ) )
68 3

Your field is. And it's from 128 ~ 127, and it'll not overflow.
Also, in essence, or ( 10 ) and int ( 1 ) have no difference, so it's generally not that true false or a field of status type, with no int ( 1 ), and you give an int ( 10 ).

Make this watch structure and change it.

$sql ="alter table reply change id id int(10) NOT NULL AUTO_INCREMENT";
mysql_query($sql) or die(mysql_error());
$sql ="alter table reply change id_p id_p int(10) NOT NULL";
mysql_query($sql) or die(mysql_error());

Then change the code so that all the information is read out.

if($_POST['submit'])
{
 $sql ="insert into reply (id_p,time,content) values('{$_GET['post']}',now(),'{$_POST['content']}')";
 echo $sql;
 mysql_query($sql) or die(mysql_error());
 $sql ="select * from reply order by id DESC limit 1";
 $query = mysql_query($sql);
 $result = mysql_fetch_array($query);
 var_dump($result);
//echo"<meta http-equiv=refresh content=0/>";
}

There are so many problems with sql:

  • Since id is already a primary key, it isn't explicitly inserted in the sql.
  • A variable in double quotation marks is best enclosed in % 7b %.
  • MySQL query to perform error handling such as or die ( mysql_error ) )
...