1. 首頁
  2. 問答
  3. 試圖通過在PHP中的ID從SQL拉整整行

試圖通過在PHP中的ID從SQL拉整整行

2016-09-19 32 views
1 
<?php 
require("header.php"); 
$query = "SELECT title,content,poster FROM forum WHERE id=?"; 
try 
{ 
    $stmt = $db->prepare($query); 
    $stmt->execute(array($_GET['id'])); 
} 
catch(PDOException $ex) 
{ 
    die("Failed to run query: " . $ex->getMessage()); 
} 
$rows = $stmt->fetchAll(); 
header('Content-Disposition: inline; filename="post.php"'); 
if(isset($_GET['id'])) 
{ 

    echo $_GET['id']; 

} 
else 
{ 
    die("You didn't put an ID twat"); 
}

所以我想要做的是讓它這麼說如果URL是post.php?= 1,我希望它拉動整個爲ID 1行,並能夠打印出行標題,內容和海報。誰能幫我?會很感激!試圖通過在PHP中的ID從SQL拉整整行

來源

2016-09-19 Mark Horton

+0

捕獲一個$ _GET ['id'],並執行select * with limit 1?... **確保清理GET數據**,因爲它可以在SQLINJECT風格的漏洞中使用。 – ZBerg

回答

0 
<?php 

// ACQUIRE DATA FROM URL 
if (isset($_GET['id'])){ 
    $url_id = $_GET['id']; 
} else { 
    $url_id = 1; // default id here - data not present in url 
} 
// ACQUIRE DATA FROM URL 

// ENSURE VALID DATA FOR VARIABLE QUERY 
if (!ctype_digit($url_id)){ 
    $url_id = 1; // default id again - data unsafe 
} 
// ENSURE VALID DATA FOR VARIABLE QUERY 

$query = 'SELECT * FROM forum WHERE id='.$url_id; 

// rest of code here 

?>

來源

2016-09-19 04:05:49 ZBerg

相關問題

 相關問題