php - 从获取变量中选择语法

Question

我想使用从 $_GET 获得的变量从数据库中选择一个值，但它不显示任何结果。谁能帮我找出我的代码出了什么问题吗？

这是我的第一页，我如何获取 GET 的值:

<?php
            if($result->num_rows > 0) {
               while($row = $result->fetch_assoc()) {
        ?>
                 <tr>
                    <td><a href="file.php?subject=<?= $row['subject'] ?>"><?= $row['subject'] ?></a></td>
                    <td><?= $row['location'] ?></td>
                    <td><?= $row['geo'] ?></td>
                    <td><?= $row['date'] ?></td>
                    <td><?= $row['piority'] ?></td>
                 </tr>
        <?php
               }
            }
        ?>

这是我的第二页，我想从数据库中获取带有第一页主题变量的数据:

<?php
$varPage = $_GET['subject'];
                $servername = "localhost";
                $username = "bayansh_user";
                $password = "u)nHf,Accmo)";
                $dbname = "bayansh_bmc";
                $conn = new mysqli($servername, $username, $password, $dbname);
                // Check connection
                if ($conn->connect_error) {
                     die("Connection failed: " . $conn->connect_error);
                } 
                $result = mysqli_query($conn,"SELECT `date` FROM `editor` WHERE subject = '.$varPage.'");

while($row = mysqli_fetch_array($result))

?>

现在我想在这里写下日期，这是我的代码:

<p style="font-family:B Zar; direction:rtl; font-size:165%;"> <?= $row['date'] ?> </p>

但它什么也没写。 我的代码有什么问题吗？

Answer 1

There seems to be an oversight on your part with regards to your SQL. You have an extra-dot, which likely was a Typo. Try addressing that part and your code would most likely work as you expected. Some Guys here have suggested working with Prepared Statement (which is quite necessary) in which case this Snippet would use PDO as opposed to MySQLi... although the principles are not so extremely different.

    <?php

            $varPage     = $_GET['subject'];
            $servername  = "localhost";
            $username    = "bayansh_user";
            $password    = "u)nHf,Accmo)";
            $dbname      = "bayansh_bmc";
            $dbh         = null;

            // USING PDO INSTEAD::
            $dsn         = 'mysql:host=' . $servername . ';dbname=' . $dbname;  
            try {
                $dbh     = new PDO($dsn, $username, $password);
                $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            } catch (PDOException $e) {
                throw new Exception($e->getMessage());
            }

            // USING PREPARED STATEMENT... NOTICE "=:SBJ"
            $sql         = "SELECT `date` FROM `editor` WHERE subject=:SBJ";
            // USING PREPARED STATEMENT CONTINUED: NOTICE "$dbh->prepare()"
            $stmt        = $dbh->prepare($sql);
            // PASSING VALUES: NOTICE "['SBJ'=>$varPage]"
            $stmt->execute( array('SBJ'=>$varPage) );
            $resultSet   = $stmt->fetchAll(PDO::FETCH_OBJ);

            // LOOP THROUGH THE RESULT-SET AND DO SOME THINGS WITH THE DATA...
            foreach($resultSet as $intKey=>$objData){
                var_dump($objData->date);  //<== DUMP SOME DATA TO THE STREAM
            }