我剛做了userprofile腳本的一部分,我不知道如何在標題中顯示用戶名。請幫助這裏是代碼:
<?php
require_once('sp/conn.php');
$page_title = $get;
require_once('sp/head.php');
require_once('sp/userbar.php');
$get = $_GET['name'];
$query = "SELECT id,username from user_info where username = '$get'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
$img_id = $row['id'];
?>
<body>
<div id="main">
<div id="user_lvl_avatar_bar">
<img src="img/ava/<?php echo $row['id'];?>" class="ava" /><font id="username"><?php echo $row['username']; ?></font>
</div><br />
<span id="left_user_notif_bar">
</span>
<span id="right_user_notif_bar">
</span>
<?php
} else {
$error_msg = "<div id=\"main\"><div id=\"red_field\">ERROR : Username doesn't exists.</div></div>";
echo $error_msg;
}
?>
</div>
</body>
</html>
對不起,醜陋的代碼我不明白如何在#1
,就把這行的PHP'$ GET = $ _GET [ '名']的頂部;' –
你的代碼是開放的[SQL注入](http://www.bobby-tables.com/) – Machavity
@Machavity它是一個userprofile而不是一個表單不能有任何注入 –