gpt4 book ai didi

php - 如何使用 $_session[] 名称为 mysql 数据库定义表?

转载 作者:行者123 更新时间:2023-11-30 00:23:45 25 4
gpt4 key购买 nike

这个问题在这里已经有了答案:





mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource

(31 个回答)


7年前关闭。




我需要帮助协调使用 Session[] 的方法

$_SESSION['loginname']=jordan@yahoo.com;
$table_name=$_SESSION['loginname'];

成为数据库中表的名称。
$username = "root";
$password = "";
$hostname = "localhost";
$database = "basketball_database";
$table = "$table_name";

我不断收到 Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in
这导致这组代码出现问题
$mysql = "SELECT DISTINCT quiz_name FROM $table";
$mydata = mysql_query($mysql,$con);
while($records = mysql_fetch_array($mydata)){

然后我添加 mysql_error()然后回来了
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''jordan@yahoo.com'' at line 1

我究竟做错了什么?谢谢

quiz_main.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>

<head>
<title>Quiz</title>

<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>

<body>
<div id="main">

<header>
<div id="welcome">
<h2>Prairie View A&amp;M University</h2>
</div><!--close welcome-->
</header>

<nav>
<div id="menubar">
<ul id="nav">
<li><a href="index.php">Home</a></li>
<li><a href="user-account.php">Account Info</a></li>
<li class="current"><a href="quiz_main.php">Quiz</a></li>
&nbsp &nbsp &nbsp &nbsp &nbsp
<?php
if($_SESSION['loginname'])
echo $_SESSION['loginname'].", "."<a href='user-account.php'>Account</a>"." "."<a href='logout.php'>Logout</a>";

else
die("You must login");
?>
</ul>
</div><!--close menubar-->
</nav>

<div id="site_content">

<h2 style="font-size:50px" align="center" > Quiz Page</h2>

<h2> All Quizzes:</h2></br>
<?php
$table_name=$_SESSION['loginname'];
$username = "root";
$password = "";
$hostname = "localhost";
$database = "basketball_database";
$table = $table_name;

$con = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MYsql");
// echo "Connected to mysql<br>";

$db = mysql_select_db("$database")
or die("Could not select Basketball_database");
//echo "Connected to database";

//form for selecting quiz
echo "<form action=\"/xampp/Website_DataBase/Pvamu_website/quiz/index.php\" method=\"post\">";

$mysql = "SELECT DISTINCT quiz_name FROM '$table_name'";
$mydata = mysql_query($mysql,$con);

if($mydata === FALSE) {
die(mysql_error()); // TODO: better error handlin
}


while($records = mysql_fetch_array($mydata)){
$quizname=$records['quiz_name'];

echo "<input type=radio name=name_quiz value='".$records['quiz_name']."'>".$records['quiz_name']."<br>";
}


echo "<input type=submit value=Submit Continue>";
echo "</form>";


?>
<a href="quiz_folder/coach_quizzes.php">Creat a Quiz</a>
<div id="content">
<div class="content_item">


</div><!--close content_container-->
</div><!--close content_item-->
</div><!--close content-->
</div><!--close site_content-->

<footer>
<a href="index.php">Home</a> | <a href="photos.php">Photos</a> | <a href="videos.php">Videos</a> | <a href="schedule.php">Schedule</a> | <a href="contact.php">Contact</a><br/><br/>

</footer>

</div><!--close main-->

<!-- javascript at the bottom for fast page loading -->
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/image_slide.js"></script>

</body>
</html>

最佳答案

如果表名中有特殊字符,则需要反引号:

$table = str_replace('`', '``', $table); // escape backticks in $table

$mysql = "SELECT DISTINCT quiz_name FROM `$table`";
@.字符需要反引号,许多其他可能的字符也是如此。请快速阅读有关 SQL 注入(inject)的信息:
  • http://en.wikipedia.org/wiki/SQL_injection
  • http://www.php.net/manual/en/security.database.sql-injection.php
  • How can I prevent SQL injection in PHP?
  • 关于php - 如何使用 $_session[] 名称为 mysql 数据库定义表?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23036656/

    25 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com