我正在爲一個課程製作一個項目,我需要製作一個包含所有藝術家和電影的電影網站原型。我需要通過藝術家的名字顯示搜索結果,並且鏈接到頁面以獲得關於藝術家的更多詳細信息。對於搜索頁面的代碼 部分:
elseif ($method=='artist')
{
$x=0;
$query = "SELECT artistId, image, firstname,lastname,dateOfBirth,otherInfo FROM $artists WHERE CONCAT(firstname, ' ', lastname) LIKE '%$kword%' OR lastname LIKE '%$kword%' or firstname like '%$kword%'";
mysqli_select_db($connect, $mydb);
$result = mysqli_query($connect, $query);
if($result)
{
print '<table >';
while ($sqlRow=mysqli_fetch_array($result, MYSQL_ASSOC))
{
$x++;
echo "<tr>";
echo "<td rowspan=\"3\" id=\"image\">";
echo '<img src="' . $sqlRow['image'] . '" alt="alt">';
echo"</td>";
echo "<td id=\"title\"><strong><a href=artist_details.php?id=".$sqlRow['artistId'].">".$sqlRow['firstname']." ".$sqlRow['lastname']."</strong></td>";
echo "</tr>";
echo "<tr>";
echo "<td id=\"date\"><strong>".$sqlRow['dateOfBirth']."</strong></td>";
echo "</tr>";
echo "<tr>";
echo "<td id=\"desc\">".$sqlRow['otherInfo']."</td>";
echo "</tr>";
}
print '</table>';
if ($x==0)
{
echo "<h4>";
echo "No matches found";
echo "</h4>";
}
}
}
的詳細信息頁面的代碼:
$query = "SELECT artistId, image, firstname,lastname,dateOfBirth,otherInfo FROM $artists WHERE artistId=".$_GET['artistId'];
mysqli_select_db($connect, $mydb);
$result = mysqli_query($connect, $query);
if($result)
{
print '<table >';
while ($sqlRow=mysqli_fetch_array($result, MYSQL_ASSOC))
{
$x++;
echo "<tr>";
echo "<td rowspan=\"3\" id=\"image\">";
echo '<img src="' . $sqlRow['image'] . '" alt="alt">';
echo"</td>";
echo "<td id=\"title\"><strong><a href=\"artist_detail.php?id=".$sqlRow['artistId']."\">".$sqlRow['firstname']." ".$sqlRow['lastname']."</strong></td>";
echo "</tr>";
echo "<tr>";
echo "<td id=\"date\"><strong>".$sqlRow['dateOfBirth']."</strong></td>";
echo "</tr>";
echo "<tr>";
echo "<td id=\"desc\">".$sqlRow['otherInfo']."</td>";
echo "</tr>";
}
print '</table>';
}
每次我得到同樣的錯誤:未定義指數:artistId。 我會很感激你的幫助! :)
你在傳遞'artistId ='在URL中嗎?你是否知道你的代碼對SQL注入攻擊是開放的? –
andrewsi
'artistId'與'artistd –
anrewsi不一樣,我知道GET不安全,但我不太瞭解任何其他解決方案,因爲我是PHP初學者:) – user3125917