url上的PHP/JSON參數

Question

我創建了一個連接數據庫的php文件，從表中獲取數據並以json格式顯示它。

該文件在被調用的index.php。

要查看JSON我剛去的文件瀏覽器：

http://127.0.0.1/json/index.php and it displays: 

{"title":[{"id":"1","title":"Title1","desc":"Description1"},{"id":"2","title":"Title2","desc":"Description2"}]} 

我需要做的是能夠通過添加參數，如過濾此：

For example: http://127.0.0.1/json/index.php?id=1 to just show the data with an id of 1 but it still shows all the data. 

這裏是php代碼：

<?php 

$username = "root"; 
$password = ""; 
$hostname = "localhost"; 

//connection to the database 
$dbhandle = mysql_connect($hostname, $username, $password) 
    or die("Unable to connect to MySQL"); 

$selected = mysql_select_db("mydb",$dbhandle) 
    or die("Could not select mydb"); 

$result = mysql_query("SELECT * FROM contacts"); 
$rows = array(); 
    while($r = mysql_fetch_assoc($result)) { 
    $rows['title'][] = $r; 
    } 

print json_encode($rows); 

?> 

我在做什麼錯在這裏或失蹤？

Answer 1

<?php 
    $username = "root"; 
    $password = ""; 
    $hostname = "localhost"; 

    //connection to the database 
    $dbhandle = mysql_connect($hostname, $username, $password) 
    or die("Unable to connect to MySQL"); 

    $selected = mysql_select_db("mydb",$dbhandle) 
    or die("Could not select mydb"); 

    $id = 0; 
    if(isset($_GET['id'])){ $id = (int)$_GET['id']; } 

    if(!$id){ 
     $query = "SELECT * FROM `contacts`"; 
    } else { 
     $query = "SELECT * FROM `contacts` WHERE `id`='".$id."'"; 
    } 
    $result = mysql_query($query); 
    $rows = array(); 
    while($r = mysql_fetch_assoc($result)) { 
     $rows['title'][] = $r; 
    } 
    print json_encode($rows); 
?> 

Answer 2

您需要將where條件添加到您的查詢。

$id = (int) $_GET['id']; 
$result = mysql_query("SELECT * FROM contacts WHERE id = $id"); 

Answer 3

更改以下

$result = mysql_query("SELECT * FROM contacts"); 

到

$id = $_REQUEST['id']; 

$query = 'SELECT * FROM contacts'; 

if(is_numeric($id)) 
    $query .= ' WHERE id = ' . $id; 

$result = mysql_query($query); 

Answer 4

對於一個你必須添加WHERE到您的SQL語句....

SELECT * FROM `contacts` WHERE `id` = $id 

你在哪裏看到id這應該是表中id列的名稱，不管它是什麼。但你也必須首先消毒輸入...

if(!is_numeric($_GET['id'])) 
    exit; // if not a number then exit 

$id = mysql_real_escape_string($_GET['id']); // escape the input 

當然，這是最基本的錯誤檢查。你可以解釋它。所以，你的代碼看起來會像這樣...

<?php 

$username = "root"; 
$password = ""; 
$hostname = "localhost"; 

//connection to the database 
$dbhandle = mysql_connect($hostname, $username, $password) 
    or die("Unable to connect to MySQL"); 

$selected = mysql_select_db("mydb",$dbhandle) 
    or die("Could not select mydb"); 

if(!is_numeric($_GET['id']) || !$_GET['id']) 
    exit; // if not an integer or id not set then exit 

$id = mysql_real_escape_string($_GET['id']); // escape the input 

$result = mysql_query("SELECT * FROM contacts WHERE id = $id"); 
$rows = array(); 
    while($r = mysql_fetch_assoc($result)) { 
    $rows['title'][] = $r; 
    } 

print json_encode($rows); 

?> 

你真的不應該使用根連接到數據庫在Web應用程序。 Mihai也是對的，您應該使用PDO，但對於這樣一個簡單的應用程序來說並不是必須的。

編輯 但是，上面的代碼將需要一個id輸入。如果你想仍然能夠得到整個列表，如果沒有id提供它看起來像這樣...

<?php 

$username = "root"; 
$password = ""; 
$hostname = "localhost"; 

//connection to the database 
$dbhandle = mysql_connect($hostname, $username, $password) 
    or die("Unable to connect to MySQL"); 

$selected = mysql_select_db("mydb",$dbhandle) 
    or die("Could not select mydb"); 

$sql = "SELECT * FROM `contacts`"; 

if(isset($_GET['id']) && $_GET['id'] > 0) { 
    // if id is set then add the WHERE statement 
    if(!is_numeric($_GET['id'])) 
     die('id must be an integer'); // if id is not an integer then exit 
    $id = mysql_real_escape_string((int)$_GET['id']); // escape the input 
    $sql .= " WHERE `id` = $id"; // append the WHERE statement to the sql 
} 


$result = mysql_query($sql); 
$rows = array(); 
    while($r = mysql_fetch_assoc($result)) { 
    $rows['title'][] = $r; 
    } 

print json_encode($rows); 

?>