<?php
$ip = htmlspecialchars($_GET["ip"]);
$serverIp = "a";
$a = "a";
include("mysql.php");
$votes = "serverVotes";
$results = mysql_query("SELECT * FROM toplist WHERE serverIp = $_POST[serverIp] ORDER BY $votes DESC");
if($row['serverIp'] = $_POST[serverIp]) {
echo 'Yes1.'; //debugging
}
if($row['serverIp'] != $_POST[serverIp]) {
echo 'No1.'; //debugging
}
while($row = mysql_fetch_array($results)){
if($row['serverIp'] = $_POST[serverIp]) {
echo 'Yes2.'; //debugging
}
if($row['serverIp'] != $_POST[serverIp]) {
echo 'No2.'; //debugging
}
}
?>
我正在尝试做到这一点,如果数据库中存在“serverIp”,它将回显某些信息,如果不存在,则什么都不做。我不认为它是 实际上是从表单中获取 IP,但我可能错了,这可能是其他问题。
最佳答案
如果从 $_POST
中使用 IP,则需要转义 IP 并将其括在引号中。不要使用 htmlspecialchars()
,而是使用 mysql_real_escape_string()
将输入转义为 SQL 查询:
$results = mysql_query("SELECT * FROM toplist WHERE serverIp = '" . mysql_real_escape_string($_POST['serverIp'] . "' ORDER BY $votes DESC");
之后,您需要在 $row
具有任何值之前实际获取一行。在一些地方,当您打算使用相等运算符 ==
时,您还错误地使用了赋值运算符 =
:
$row = mysql_fetch_array($results);
// Now do stuff with $row:
// All of these should use == for equality, not = for assignment
// Also, enclose array keys in quotes inside $_POST['serverIp]. Though it may work
// without the quotes, it is bad practice to omit them, and will fill your error logs
// with warnings.
if($row['serverIp'] == $_POST['serverIp']) {
echo 'Yes1.'; //debugging
}
if($row['serverIp'] != $_POST['serverIp']) {
echo 'No1.'; //debugging
}
while($row = mysql_fetch_array($results)){
if($row['serverIp'] == $_POST['serverIp']) {
echo 'Yes2.'; //debugging
}
if($row['serverIp'] != $_POST['serverIp']) {
echo 'No2.'; //debugging
}
关于PHP/MySQL : Getting form information, 未按计划工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9395825/