Question

我正在尝试使用mysqli函数（CODE 2）重写现有代码CODE 1。但它不起作用。有人可以帮助纠正这个问题吗？

代码1（旧代码 - 工作）

<?php
if(isset($_POST['thename']) === true && empty($_POST['thename']) === false) {
    require'../db/connection.php';

    $query = ("SELECT 'photos'.'theurl' FROM 'photos' WHERE 'photos'.'thename' = '" . mysql_real_escape_string(trim($_POST['thename'])) . "'");

    echo(mysql_num_rows($query) !== 0) ? mysql_result($query, 0, 'theurl') : 'Not found';

代码2（新的 - 不工作）

<?php
if(isset($_POST['thename']) === true && empty($_POST['thename']) === false) {
    $getVal = mysqli_real_escape_string($Conn_db, trim($_POST['thename']));

    require_once('../db/connection.php');
    $query = ("SELECT 'photos'.'theurl' FROM 'photos' WHERE 'photos'.'thename' = '" . $getVal . "'");
    $result = mysqli_query($Conn_db, $query);

    $queryA = ("SELECT id FROM photos");
    $resultA = mysqli_query($Conn_db, $queryA);
    $row_cnt = $resultA->num_rows;

    echo($row_cnt !== 0) ? mysqli_result($result, '0', 'theurl') : 'Not found.';
} 

function mysqli_result($result, $ro, $field) { 
    $result->data_seek($ro); 
    $datarow = $result->fetch_array(); 
    return $datarow[$field]; 
}

Answer 1

尝试更改以下行的顺序：

$getVal = mysqli_real_escape_string($Conn_db, trim($_POST['thename']));

require_once('../db/connection.php');

它应该如下所示，因为mysqli_real_escpae_string()要求在被调用之前创建数据库连接：

require_once('../db/connection.php');
$getVal = mysqli_real_escape_string($Conn_db, trim($_POST['thename']));

Answer 2

你的代码在mysql和mysqli中都没有意义。

最好将其重写为safeMysql：

<?php
if(!empty($_POST['thename'])) {
    require'../db/safemysql.class.php';
    $db  = new safeMysql();

    $url = $db->getOne("SELECT theurl FROM photos WHERE thename = ?s", $_POST['thename']);
    echo ($url) ? $url : 'Not found';    
}

重写代码 - 不起作用

2 个答案: