好了,我有两个文件,问题与包括PHP文件
manageDay.php db_connect.php
db_connect.php包括在manageDay.php与require_once 'db_connect.php';
的文件是在相同的位置(同一文件夹)
manageDay.php的重要组成部分如下:
<?php
require_once 'db_connect.php';
ini_set ("display_errors", "1");
error_reporting(E_ALL);
mysql_connect($db_hostname, $db_username, $db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());
$user_id = $_GET['user_id'];
$date = $_GET['date'];
?>
这将调用包含数据库连接详细信息的包含文件以及一些函数。
<?
while ($row = mysql_fetch_assoc(getHoursForDay($date, $user_id))) {
/*while ($row = mysql_fetch_assoc($result)) {*/
echo '
<tr>
<td>'.$row['code'].'
</td>
<td>'.$row['project'].'
</td>
<td>'.$row['job'].'
</td>
<td>'.$row['start_time'].'
</td>
<td>'.$row['end_time'].'
</td>
<td>'.$row['location'].'
</td>
<td></td>
</tr>
';
}
?>
这第二位调用它返回一个函数在db_connect.php
这里结果的记录集是db_connect.php
:
<?php
$db_hostname = "localhost";
$db_username = "xxxxx_ts";
$db_password = "xxxxxxx";
$db_name = "xxxxx_ts";
function getHoursForDay($date, $user_id){
$sql = "SELECT *
FROM bt_hours
INNER JOIN bt_location ON bt_hours.location_id = bt_location.id
INNER JOIN bt_projects ON bt_hours.project_id = bt_projects.id
WHERE bt_hours.user_id='$user_id' AND bt_hours.work_date LIKE '$date'";
$result = mysql_query($sql)
or die(mysql_error());
return $result;
}
?>
称为URL为manageDay.php?date=2015-01-02&user_id=2
当我打电话给该页面,它返回:
Fatal error: Call to undefined function getHoursForDay() in /var/www/vhosts/xxxxx.com/ts.xxxxx.com/api/sql/manageDay.php on line 53
但是,如果我删除函数,并将它的内容放在manageDay.php它工作正常?请注意,数据库细节仍在从db_connect.php
<?
$sql = "SELECT *
FROM bt_hours
INNER JOIN bt_location ON bt_hours.location_id = bt_location.id
INNER JOIN bt_projects ON bt_hours.project_id = bt_projects.id
WHERE bt_hours.user_id='$user_id' AND bt_hours.work_date LIKE '$date'";
$result = mysql_query($sql)
or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
/*while ($row = mysql_fetch_assoc($result)) {*/
echo '
<tr>
<td>'.$row['code'].'
</td>
<td>'.$row['project'].'
</td>
<td>'.$row['job'].'
</td>
<td>'.$row['start_time'].'
</td>
<td>'.$row['end_time'].'
</td>
<td>'.$row['location'].'
</td>
<td></td>
</tr>
';
}
?>
叫任何人都可以请帮助我理解为什么是这样?我不认为自己是一个多才多艺的编码器以任何手段,但如果我失去了的东西在这里...
干杯
你代码是广泛开放的SQL注入。请阅读[如何防止PHP中的SQL注入?](http://stackoverflow.com/q/60174/3899908),并从'mysql_'更改为'mysqli_'或'PDO'。 – worldofjr