变量返回 0 而不是实际值 [英] Variable returning 0 instead of an actual value
问题描述
请在我的脚本中帮助我解决这个问题.在 INSERT 查询点 $article_id 返回 0,而实际上它是一个不是 0 (1, 2, 3) 的值.
Please help me with this issue in my script. At the point of the INSERT query $article_id returns 0, while actually it is a value that is not 0 (1, 2, 3).
我试图在代码的各个点回显 $article_id 并且它实际上回显了我想要的.但是一旦我试图在之后回应它isset($_POST['submit']) 它没有回显任何东西.
I have tried to echo out $article_id at various points of the code and it actually echoed out what i wanted. But once i tried to echo it after the
isset($_POST['submit']) it does not echo out anything.
我还检查了我在 MySQL 表中声明的类型....int.但是还是在数据库中插入0.
I have also checked the type i declared in the MySQL table....int. But still insert 0 into the database.
请问问题出在哪里?
感谢您的时间和耐心.
$page_name = 'about';
$id = "";
if (isset($_GET['id']))
{
$id = $_GET['id'];
$past1 = mysql_query("SELECT *
FROM about
WHERE about_id = '".$id."' ");
$row = mysql_fetch_array($past1);
echo "<p>" .$row['about_head']."</p>";
echo $row['about_content'];
$article_id = $row['about_id'] ;
$query6 = mysql_query("SELECT c.comment_body, c.comment_date
FROM comment AS c
INNER JOIN about AS ac ON c.article_id = ac.about_id
WHERE c.article_id = '".$article_id."'
AND page_name = '".page_name."'");
while ($comment = mysql_fetch_assoc($query6))
{
echo "<b>Comment:</b> " . $comment['comment_body'] . "<br/>" ;
echo "<b>Date of Comment:</b> " . $comment['comment_date'];
echo "<br/>" ;
echo "</div>";
}
}
if (isset($_POST['submit']))
{
$comment_body = mysql_real_escape_string($_POST['comment_body']);
if (($comment_body == "")
{
echo "<div class=\"error\" >" ;
echo "One/More Empty Field";
echo "</div>";
}
else
{
$query = "INSERT INTO comment (comment_id, article_id, username, page_name,
comment_body, comment_date)
VALUES (NULL, '".$article_id."', '".$_SESSION['logged_username']."',
'".$page_name."', '".$comment_body."', NOW())";
mysql_query($query);
}
}
推荐答案
您看到的 0 实际上是 PHP NULL,表示未初始化的变量在 SQL 中转换为字符串时表示为 0.
The 0 you see is actually a PHP NULL for an uninitialized variable being represented as a 0 when cast as a string in your SQL.
假设您在第一次加载时检索 $_GET['id'],并在另一个页面加载时执行 POST,$article_id 仅在第一次初始化.除非设置了 $_GET['id'],否则它不会被填充.因此,在第一次加载时将其存储在 $_SESSION 中,并在处理 POST 时从那里访问它.
Assuming you retrieve the $_GET['id'] on the first load, and do the POST on another page load, $article_id is only initialized the first time. It won't be populated unless $_GET['id'] is set. So, store it in $_SESSION on the first load and access it from there when processing the POST.
// Inside if (isset($_GET['id']))...
// article_id is retrieved and populated from the first SELECT statement...
$article_id = $row['about_id'] ;
// Store it in $_SESSION (assume session_start() was called somewhere we don't see)
$_SESSION['article_id'] = $article_id;
稍后在您的查询中,从 $_SESSION 获取:
Later in your query, get it from $_SESSION:
$query = "INSERT INTO comment (comment_id, article_id, username, page_name,
comment_body, comment_date)
VALUES (NULL, '".$_SESSION['article_id']."', '".$_SESSION['logged_username']."',
'".$page_name."', '".$comment_body."', NOW())";
根据评论,您似乎已经意识到 SQL 注入漏洞.一定不要忽视这些.重要的是在您进行时针对它们进行编码,而不是尝试稍后返回并填写适当的转义和边界检查.
According to the comments, you already seem to be aware of the SQL injection vulnerabilities. Be sure not to overlook those. It's important to code against them as you go, rather than trying to return later and fill in the appropriate escaping and bounds-checking.
这篇关于变量返回 0 而不是实际值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
