兩個很多記錄顯示何時識別h_id

Question

我想過濾使用PHP的MySQL表，我的目標是當URL是History.php？h_id = 1它只顯示有一個在h_id中的行（H_id是不是唯一的號碼）

我的代碼如下。

<html> 
<head> 
<title></title> 
</head> 
<body > 

<?php 
mysql_connect('localhost', 'root', 'matl0ck') or die(mysql_error()); 
mysql_select_db("kedb") or die(mysql_error()); 

$h_id = (int)$_GET['h_id']; 
$query = mysql_query("SELECT * FROM Hist WHERE H_ID = '$h_id'") or die(mysql_error()); 

if(mysql_num_rows($query)=1){ 
    while($row = mysql_fetch_array($query)) { 
     $id = $row['ID']; 
     $name = $row['Name']; 
     $datemod = $row['DateMod']; 
     $h_id = $row['H_ID']; 
    } 
?> 
<?php 
    $con=mysqli_connect("localhost","root","matl0ck","kedb"); 
    // Check connection 
    if (mysqli_connect_errno()){ 
     echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 

    $result = mysqli_query($con,"SELECT * FROM Hist"); 

    echo "<table border='1'> 
      <tr> 
      <th>ID</th> 
      <th>Name</th> 
      <th>Date</th> 
      <th>H_ID</th> 
      </tr>"; 

    while($row = mysqli_fetch_array($result)) 
    { 
     echo "<tr>"; 
     echo "<td>" . $row['ID'] . "</td>"; 
     echo "<td>" . $row['Name'] . "</td>"; 
     echo "<td>" . $row['DateMod'] . "</td>"; 
     echo "<td>" . $row['H_ID'] . "</td>"; 
     echo "</tr>"; 
    } 
    echo "</table>"; 

    mysqli_close($con); 
?> 
<?php 
}else{ 
    echo 'No entry found. <a href="javascript:history.back()">Go back</a>'; 
} 
?> 
</body> 
</html> 

當我嘗試使用這種它表明，在當我刪除此列中的數字也顯示了一個錯誤的h_id一些的所有記錄。

我的表格佈局如下。

謝謝

Answer 1

這是你的語法不正確的語句

if(mysql_num_rows($query)=1){ 

測試使用==和=所做的是一個賦值

if(mysql_num_rows($query) == 1){ 
//------------------------^^ 
    while($row = mysql_fetch_array($query)) { 
     $id = $row['ID']; 
     $name = $row['Name']; 
     $datemod = $row['DateMod']; 
     $h_id = $row['H_ID']; 
    } 

此外

你的腳本是有風險的SQL Injection Attack 有一個看看發生了什麼事Little Bobby Tables即使 if you are escaping inputs, its not safe! 使用prepared parameterized statements，因此堅持mysqli_或PDO數據庫擴展

你一般的代碼似乎得到有點困惑，並且您從查詢"SELECT * FROM Hist"獲取您從未使用過的數據。

另外，在您實際使用並輸出第一個查詢的結果之前，while循環被終止。

我還修正了使用參數並準備查詢的代碼，並取消了使用這PHP7

<?php 
// Use one connection for all script, and make it MYSQLI or PDO 
$con=mysqli_connect("localhost","root","matl0ck","kedb"); 
if (mysqli_connect_errno()){ 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    // if connection fails there is no point doing anything else 
    exit; 
} 

//$h_id = (int)$_GET['h_id']; 

// prepare and bind values to make the code safe from SQL Injection 
// also only select the rows you want 
$sql = "SELECT ID, Name, DateMod, H_ID FROM Hist WHERE H_ID = ?"; 
$stmt = $con->prepare($sql); 
if (! $stmt) { 
    echo $con->error; 
    exit; 
} 

$stmt->bind_param("i", $_GET['h_id']); 

$stmt->execute(); 

if (! $stmt) { 
    echo $con->error; 
    exit; 
} 

// bind the query results 4 columns to local variable 
$stmt->bind_result($ID, $Name, $DateMod, $H_ID); 

echo "<table border='1'> 
     <tr><th>ID</th><th>Name</th><th>Date</th><th>H_ID</th></tr>"; 

if($con->affected_rows > 0){ 

    echo "<table border='1'> 
      <tr><th>ID</th><th>Name</th><th>Date</th><th>H_ID</th></tr>"; 

    while($stmt->fetch()) { 

     while($row = $stmt->fetch_array()) { 
      echo "<tr>"; 
      echo "<td>$ID</td>"; 
      echo "<td>$Name</td>"; 
      echo "<td>$DateMod</td>"; 
      echo "<td>$H_ID</td>"; 
      echo "</tr>"; 
    } 
    echo "</table>"; 

}else{ 
    echo 'No entry found. <a href="javascript:history.back()">Go back</a>'; 
} 
?>