comment系统显示一篇文章的多篇文章这是密码

nhaq1z21  于 2021-06-21  发布在  Mysql
关注(0)|答案(1)|浏览(469)

我写过这样的东西

$sql = "SELECT `id`, `name`, `comment`, `time` FROM `comments` id='".$_GET['id']."'";

但它仍然不起作用,未定义的id说,我能做什么?

<?php
require 'head.php';
require 'navbar.php';
require 'config.php';

if(isset($_COOKIE['taxi'])){
        echo '<div class="container"  style="margin-top: 10%;">
                <div class="col-lg-4"></div>
                   <div class="panel panel-default col-lg-4">
                    <div class="panel-heading">Submit Your Comments</div>
                      <div class="panel-body">
                        <form method="post" action="comment.php">
                          <div class="form-group">
                            <label for="exampleInputEmail1">Name</label>
                            <input type="text" name="name" class="form-control" id="exampleInputEmail1" placeholder="name">
                          </div>
                          <div class="form-group">
                            <label for="exampleInputPassword1">Comment</label>
                            <textarea name="comment" class="form-control" rows="3"></textarea>
                          </div>
                          <button type="submit" class="btn btn-primary" name="submit">Submit</button>
                        </form>
                      </div>
                </div>
                <div class="col-lg-4"></div>
                </div>';

        $sql = "SELECT `id`, `name`, `comment`, `time` FROM `comments`";
        $query = $con->query($sql);

        while ($row = mysqli_fetch_assoc($query))
        {
            echo "<div class='container'>";
            echo "<div class='col-lg-4'></div>";
            echo "<div class='col-lg-4' style='margin-top:5%;'>";
            echo "<p>Name: " . $row['name'] . "</p>";
            echo "<p>Comment: " . $row['comment'] . "</p>";
            echo "<p>Time: " . $row['time'] . "</p>";
            echo "</div>";
            echo "<div class='col-lg-4'></div> ";
            echo "</div>";
        }

    if(isset($_POST['submit'])){
        $name = $_POST['name'];
        $comment = $_POST['comment'];

        $sql = "INSERT INTO `comments`(`id`, `name`, `comment`, `time`) VALUES (NULL,'$name','$comment',CURRENT_TIMESTAMP)";
        $query = $con->query($sql); 

    }
}
else{
        echo "<p style='margin-top:5%; text-align:center; font-size:40px;'>Access denied to write comment, but you can see comments</p>";
        echo "<a href='login.php'><p style='text-align:center;'> Sign in to write a comment </p></a>";

        $sql = "SELECT `id`, `name`, `comment`, `time` FROM `comments`";
        $query = $con->query($sql);

        while ($row = mysqli_fetch_assoc($query))
        {
            echo "<div class='container'>";
            echo "<div class='col-lg-4'></div>";
            echo "<div class='col-lg-4' style='margin-top:5%;'>";
            echo "<p>Name: " . $row['name'] . "</p>";
            echo "<p>Comment: " . $row['comment'] . "</p>";
            echo "<p>Time: " . $row['time'] . "</p>";
            echo "</div>";
            echo "<div class='col-lg-4'></div> ";
            echo "</div>";
        }
    }
?>
mysqlphpcomments

1条答案

按热度按时间
gcxthw6b

gcxthw6b1#

问题要么是:你没有 id 列,因此在尝试选择 id 使用此行:

`$sql = "SELECT `id`, `name`, `comment`, `time` FROM `comments`";`

潜在问题b:你的 id 列被设置为数据库中的主键。这意味着 id 对于插入的每条记录,列自动递增1。但当你插入新行时,你是在试图设置 idNULL :

$sql = "INSERT INTO `comments`(`id`, `name`, `comment`, `time`) VALUES (NULL,'$name','$comment',CURRENT_TIMESTAMP)";

尝试将其更改为:

$sql = "INSERT INTO `comments`(`name`, `comment`, `time`) VALUES ('$name','$comment',CURRENT_TIMESTAMP)";

潜在问题c(很可能):您没有设置 $_GET['id'] 加载页面时的参数。这本质上是 ?id=x 你在这么多网址上看到的。
正如其他人所提到的,你的查询是可注入的,我知道你说过这只是局部的,但是从一开始就养成好习惯是很好的。

赞(0)分享  回复(0)举报  2021-06-21
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com