1

データベースのリレーションシップテーブルから本の詳細を呼び出そうとしていますが、mysqlはコードの構文でエラーをスローしています。前のページは

  <html>
    <head>
    <title>Retrieve Relationships</title>
    </head>
    <body>

    <dl>

    <?php
    // Connect to database server
    mysql_connect("localhost","","") or die (mysql_error ());

    // Select database
    mysql_select_db("test") or die(mysql_error());

    // Get data from the database depending on the value of the id in the URL
    $title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";
     $rs = mysql_query($strSQL)
    // Loop the recordset $rs

    while($row = mysql_fetch_array($rs)){

        // Write the data of the person
        echo "<dt>Book One:</dt><dd>" . $row["bookone"] . "</dd>";
        echo "<dt>Book Two:</dt><dd>" . $row["booktwo"] . "</dd>";
        echo "<dt>Relationship:</dt><dd>" . $row["relationship"] . "</dd>";
        echo "<dt>Likes:</dt><dd>" . $row["relationshiplikes"] . "</dd>";
        echo "<dt>Dislikes:</dt><dd>" . $row["relationshipdislikes"] . "</dd>";

    }

    // Close the database connection
    mysql_close();
    ?>

    </dl>
    <p><a href="search.php">Return to the list</a></p>

    </body>

    </html>

ページを表示させようとしているのは、bookoneのコードとbooktwoのコードです。ここでbookones id = booksid

どんな助けでも大歓迎です

4

2 に答える 2

2

そのはず:

$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$_GET['bookone']}'";

ただし、実際には、次のようにする必要があります。

$title = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : null;
$sTitle = mysql_real_escape_string($title);
$strSQL = "SELECT relationships.bookone, relationships.booktwo, relationships.relationship
FROM relationships, books
WHERE books.bookid=relationships.bookone AND relationships.bookone='{$sTitle}'";

SQLインジェクションはかなり悪いです:)。

(言うまでもなく、ユーザーがタイトルにアポストロフィを含む本を検索した場合も、無害に壊れます。)

于 2012-05-22T00:15:39.427 に答える
0

It seems you do not need a join for this table. You are not actually using the books table at all. It looks like all you need is:

SELECT r.bookone, r.booktwo, r.relationship FROM relationships AS r WHERE r.bookone='{$sTitle}'

But later you are using columns relationshiplikes and relationshipdislikes which you are not picking up with this query. So maybe what you really want is this:

SELECT r.* FROM relationships AS r WHERE r.bookone='{$sTitle}'
于 2012-05-22T00:30:13.657 に答える