2012-10-02 86 views
1

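MySQL error: Resource id #5

I have this small code snippet, but it isn't really working right now. I always get a Resource id #5 error. I searched Google for a few pointers but didn't find much to get past this problem. Here is my code: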

<?php 
include 'load_db.php'; 

$var1 = $_POST["gender_1"]; 
$var2 = $_POST["gender_2"]; 
$var3 = $_POST["age"]; 

$sql = mysql_query("SELECT url FROM links WHERE gender ='".$var1."' AND gender1 ='".$var2."' AND age ='".$var3."'"); 

$result_1 = mysql_query($sql) 
OR die("Error: $sql </br>".mysql_error()); 

echo $result_1; 
?> 

Error: Resource id #5

+0

What is in "load_db.php"? – BugFinder

+0

'<? $dbname = "lp"; $dbhost = "localhost"; $dbuser = "root"; $dbpass = ""; mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($dbname); ?>' is in load_db.php – Johnny000

+0

Never mind... – ashiaka

Answers

4

You are using mysql_query() twice; remove mysql_query() from $sql

$var1 = mysql_real_escape_string($_POST["gender_1"]); 
$var2 = mysql_real_escape_string($_POST["gender_2"]); 
$var3 = mysql_real_escape_string($_POST["age"]); 

$sql = "SELECT url FROM links WHERE gender ='".$var1."' AND gender1 ='".$var2."' AND age ='".$var3."'"; 
$result_1 = mysql_query($sql) OR die("Error: $sql </br>".mysql_error()); 

Then loop over the results:

while($row = mysql_fetch_array($result_1)){ 
    print_r($row); 
} 
+0

Thanks for the pointer! But I still get 'Resource id #5' – Johnny000

+0

Did you really do it as I said? –

+0

I was too quick; the loop part hadn't been posted yet. Now it works! Thanks a lot! – Johnny000

0

A few points:

  1. Although you created 3 local variables var1, var2, var3, your code can still be exploited using MySQL injection.. you should look into this.
  2. Code:
$sql = mysql_query("SELECT url FROM links WHERE gender ='".$var1."' AND gender1 ='".$var2."' AND age ='".$var3."'"); 
$result_1 = mysql_query($sql) OR die("Error: $sql </br>".mysql_error()); 

You call sql_query twice..

Change $sql to just

$sql = "SELECT url FROM links WHERE gender ='".$var1."' AND gender1 ='".$var2."' AND age ='".$var3."'";
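The two points raised in the answers (a query call returns a result handle that has to be fetched, and POST values should not be concatenated into the SQL text), shown together as an added example that is not code from any of the posters. It assumes PDO with an in-memory SQLite database as a stand-in for the MySQL server; the `find_urls` helper and the sample rows are constructed for illustration.

```php
<?php
// Added example. Table and column names come from the question; the
// database (SQLite in memory via PDO) and the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (url TEXT, gender TEXT, gender1 TEXT, age TEXT)');
$pdo->exec("INSERT INTO links VALUES
    ('http://example.com/a', 'm', 'f', '18-25'),
    ('http://example.com/b', 'f', 'm', '26-35')");

/**
 * Hypothetical helper: returns the matching URLs as an array of strings.
 * The SQL text is fixed; user input travels only as bound parameters.
 */
function find_urls(PDO $pdo, array $input): array
{
    $stmt = $pdo->prepare(
        'SELECT url FROM links WHERE gender = :g AND gender1 = :g1 AND age = :age'
    );
    $stmt->execute([
        ':g'   => (string)($input['gender_1'] ?? ''),
        ':g1'  => (string)($input['gender_2'] ?? ''),
        ':age' => (string)($input['age'] ?? ''),
    ]);
    // $stmt is only a handle (the PDO counterpart of "Resource id #5");
    // the rows have to be fetched from it before they can be printed.
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-ins for $_POST.
$normal = ['gender_1' => 'm', 'gender_2' => 'f', 'age' => '18-25'];
// A value containing quote characters: concatenated into the query string it
// would rewrite the WHERE clause; as a bound parameter it is plain data.
$quoted = ['gender_1' => "m' OR '1'='1", 'gender_2' => 'f', 'age' => '18-25'];

echo json_encode(find_urls($pdo, $normal), JSON_UNESCAPED_SLASHES), "\n";
echo json_encode(find_urls($pdo, $quoted), JSON_UNESCAPED_SLASHES), "\n";
```

The first call prints the single matching URL and the second prints an empty list, because no row has a `gender` equal to the quoted string.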