2014-09-02 247 views
0

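I have a MySQL database that a PHP script uses to display data... The problem I'm having is that, seemingly at random, it misses results, and I can't see a pattern to work out why it might be doing this... Data missing from MySQL database

When I check the database, all of the data seems fine.

Here is my initial search page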

<?php 
include 'connect.php'; 

//set variable 
$option = ''; 

// Get the county names from database - no duplicates - Order A-Z 
$query = "SELECT DISTINCT tradingCounty FROM offers ORDER BY tradingCounty ASC"; 

// execute the query, $result will hold all of the Counties in an array 
$result = mysqli_query($con,$query); 


while($row = mysqli_fetch_array($result)) { 
    $option .="<option>" . $row['tradingCounty'] . "</option>"; 
} 




echo "<html xmlns='http://www.w3.org/1999/xhtml'>"; 
echo "<title>HSB - Latest Offers</title>"; 
echo "<style type='text/css'>; 
body { 
    background-color: #FFF; 
} 
#wrapper { 
    background-color: #FFF; 
    height: auto; 
    width: 1000px; 
    margin-right: auto; 
    margin-left: auto; 
    font-family: 'Trebuchet MS', Arial, Helvetica, sans-serif; 
} 
</style> 
</head> 

<body> 
<div id='wrapper'> 
    <p><img src='images/header.jpg' width='400' height='100' alt='header' /></p> 
    <HR/> 
    Select an area from the menu below to view any offers in that area. 
    <form id='filter' name='filter' method='post' action='resultssimple.php'> 
     <p><label>County</label></p> 
     <select name='result' id='result'>' . $option . '</select> 
     <input name='' type='submit' /> 
     </form> 
</div> 
</body> 
</html>"; 



?> 

and here is my results page

<? 
include 'connect.php'; 

//Get the details from previous page 
$SelectedCounty = $_POST["result"]; 

// Select offers linked to selected county from form 
$result = mysqli_query($con,"SELECT * FROM offers WHERE tradingCounty ='" . $SelectedCounty . "'ORDER BY categoryIdName ASC;"); 

// PREVIOUS ATTEMPTS - ALL WRONG - GGGGRRRRRRRRRRRR !!!!!!!! 
//------------------------------------------------------------ 
//$result = mysqli_query($con,"SELECT * FROM offers WHERE tradingCounty LIKE" . $SelectedCounty); 
//$result = mysql_query("SELECT * FROM pdetails WHERE uid='" . $inputname . "';"); 
//"SELECT * FROM `offers` WHERE `tradingCounty` LIKE 
//$result = mysqli_query($con,"SELECT * FROM offers;"); 
//$result = mysql_query("SELECT * FROM pdetails WHERE uid='" . $inputname . "';"); 
//$result = mysqli_query("SELECT * FROM offers WHERE tradingCounty=" . $SelectedCounty); 


//check to see if results is set - error if not. 
if(!$result) 
{ 
    die("<p>Error in listing tables: ". mysql_error()."</p>"); 
} 

//Show all records for selected county 
echo ("<p><h2>Showing Latest Offers In : " . $SelectedCounty . "</h2></p>"); 
echo ("<p><a href='offers.php' target='_self'>back to search menu</a></p>"); 

/* 
echo ("<table border='1'>"); 
echo ("<tr>"); 
echo ("<td>ID</td><td>Category</td><td>Business Name</td><td>Business Address</td><td>Address2</td><td>Address3</td><td>Town</td><td>County</td><td>Post Code</td><td>Telephone</td><td>URL</td><td>Email</td><td>Discount/Special Offer</td><td>valid from</td>"); 
*/ 

while($row = mysqli_fetch_row($result)) 
{ 
    echo ("<div style=' background-color: #EFF5FF; color: #06C; padding: 5px; float: left; border: 1px dotted #06C; margin: 10px; width: 300px; height: 300px; text-align: center; >"); 
    // echo ("" . $row[0] . ""); 
    // echo ("</br>"); 
    echo ("<strong>" . $row[1] . "</strong>"); 
    echo ("<hr/>"); 
    // echo ("</br>"); 
    echo ("" . $row[2] . ""); 
    echo ("</br>"); 
    echo ("" . $row[3] . ""); 
    echo ("</br>"); 
    // echo ("" . $row[4] . ""); 
    // echo ("</br>"); 
    // echo ("" . $row[5] . ""); 
    // echo ("</br>"); 
    echo ("" . $row[6] . ""); 
    echo ("</br>"); 
    echo ("" . $row[7] . ""); 
    echo ("</br>"); 
    echo ("" . $row[8] . ""); 
    echo ("</br>"); 
    echo ("" . $row[9] . ""); 
    echo ("</br>"); 
    // echo ("" . $row[10] . ""); 
    // echo ("</br>"); 
    echo ("" . $row[11] . ""); 
    echo ("</br>"); 
    echo ("<hr/>"); 
    echo ("<strong>" . $row[12] . "</strong>"); 
    echo ("</br>"); 
    echo ("</div>"); 

/* echo("<tr>"); 
    echo("<td>" . $row[0] . "</td>" . "<td>" . $row[1] . "</td>" . "<td>" . $row[2] . "</td>" . "<td>" . $row[3] . "</td>" . "<td>" . $row[4] . "</td>" . "<td>" . $row[5] . "</td>" . "<td>" . $row[6] . "</td>" . "<td>" . $row[7] . "</td>" . "<td>" . $row[8] . "</td>" . "<td>" . $row[9] . "</td>" . "<td>" . $row[10] . "</td>" . "<td>" . $row[11] . "</td>" . "<td>" . $row[12] . "</td>" . "<td>" . $row[13] . "</td>"); 
    echo("</tr>"); 
*/ 
} 
// echo("</table>"); 
?> 

What I am getting can be seen here

+0

To be a bit clearer... some of the results are missing the business type, business name and some of the address – sturobinson81 2014-09-02 15:01:06

+0

Just nitpicking here, but in all of your 'SELECT' statements, I suggest you explicitly name the columns you want to select rather than using 'SELECT * ...'. – kevin628 2014-09-02 15:07:32

+0

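:) Noted Kevin... I thought, from a hobbyist's / my point of view, that select * was quicker :) and I just had to comment out the rows I didn't want to display... – sturobinson81 2014-09-02 15:14:49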

Answers

0

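Are they missing, or are they perhaps being hidden by unescaped HTML characters? Check your browser's "View Source" option to see whether they are actually there. I would pay particular attention to characters in the data such as the "less than" character, which the browser might mistake for an HTML opening character.

You may need to escape your output so that the browser doesn't try to render it: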

echo ("" . htmlspecialchars($row[2]) . ""); 

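Also, I suggest you never take input directly from the user and put it into an SQL query without escaping it first. You are opening yourself up to SQL injection attacks.

See the following: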

http://php.net/manual/en/mysqli.real-escape-string.php

+0

Hi Wes, is SQL injection possible from a drop-down menu? Sorry, I'm very new to PHP. – sturobinson81 2014-09-02 15:30:22

+0

I looked at the source and the details are missing... why would this happen? – sturobinson81 2014-09-02 15:30:52

+0

It could be because the browser is treating them as HTML characters. Do they contain <> characters? – 2014-09-02 15:32:18
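Added example, not part of the original thread or any poster's code: a results page that applies both points from the answer above (bound parameters for the query, `htmlspecialchars` on every value written to the page) and treats the drop-down value as untrusted, since a `<select>` does not limit what a client can POST. It assumes `connect.php` sets `$con` and the `offers` table is as in the question; the helper name `h()` is made up for this sketch, and `mysqli_stmt_get_result()` needs the mysqlnd driver.

```php
<?php
include 'connect.php'; // assumed to set $con, as in the question

// Hypothetical helper: escape a database value for HTML output (NULL becomes '').
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Require a string, then check it against the same list the search page
// builds its <option> elements from.
$selected = isset($_POST['result']) && is_string($_POST['result'])
    ? $_POST['result'] : '';

$known = array();
$res = mysqli_query($con, "SELECT DISTINCT tradingCounty FROM offers");
while ($row = mysqli_fetch_row($res)) {
    $known[] = $row[0];
}
if (!in_array($selected, $known, true)) {
    http_response_code(400);
    die('<p>Unknown county.</p>');
}

// Prepared statement: the county travels as a bound parameter, so quotes in
// it stay data and never become part of the SQL text.
$stmt = mysqli_prepare($con,
    "SELECT * FROM offers WHERE tradingCounty = ? ORDER BY categoryIdName ASC");
if (!$stmt) {
    error_log(mysqli_error($con)); // keep driver errors out of the page
    die('<p>Query failed.</p>');
}
mysqli_stmt_bind_param($stmt, 's', $selected);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);

echo '<h2>Showing Latest Offers In : ' . h($selected) . '</h2>';
while ($row = mysqli_fetch_row($result)) {
    // Every column goes through h(), so a value containing < or & is shown
    // as text instead of being parsed as markup and hiding what follows.
    echo '<div><strong>' . h($row[1]) . '</strong><hr/>'
       . h($row[2]) . '<br/>' . h($row[3]) . '<br/>'
       . '<strong>' . h($row[12]) . '</strong></div>';
}
```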

0

Not sure if this will help, but on this line:

$result = mysqli_query($con,"SELECT * FROM offers WHERE tradingCounty ='" . $SelectedCounty . "'ORDER BY categoryIdName ASC;"); 

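It looks like you have an extra semicolon (;) before the last double quote. I don't think that should be there.

You could also store everything that is returned in an array and look at everything returned as you loop through it. Then, if something is missing, go to the database and look at that row.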

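$tempArray = array(); 
while($row = mysqli_fetch_row($result)) { 
    // append each row; a plain assignment would keep only the last one
    $tempArray[] = $row; 
} 

foreach($tempArray as $row) { 
    // one line per row, escaped so characters such as < stay visible
    echo htmlspecialchars(implode(' | ', $row)) . '<br>'; 
}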