2014-09-02 159 views
0

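I have a MySQL database that a PHP script uses to display data... The problem I'm having is that, seemingly at random, it misses results, and I can't see a pattern that would tell me why it might be doing this... Data missing from MySQL database

When I check the database, all the data seems fine.

Here is my initial search page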

<?php 
include 'connect.php'; 

//set variable 
$option = ''; 

// Get the county names from database - no duplicates - Order A-Z 
$query = "SELECT DISTINCT tradingCounty FROM offers ORDER BY tradingCounty ASC"; 

// execute the query, $result will hold all of the Counties in an array 
$result = mysqli_query($con,$query); 


while($row = mysqli_fetch_array($result)) { 
    $option .="<option>" . $row['tradingCounty'] . "</option>"; 
} 




echo "<html xmlns='http://www.w3.org/1999/xhtml'>"; 
echo "<title>HSB - Latest Offers</title>"; 
echo "<style type='text/css'>; 
body { 
    background-color: #FFF; 
} 
#wrapper { 
    background-color: #FFF; 
    height: auto; 
    width: 1000px; 
    margin-right: auto; 
    margin-left: auto; 
    font-family: 'Trebuchet MS', Arial, Helvetica, sans-serif; 
} 
</style> 
</head> 

<body> 
<div id='wrapper'> 
    <p><img src='images/header.jpg' width='400' height='100' alt='header' /></p> 
    <HR/> 
    Select an area from the menu below to view any offers in that area. 
    <form id='filter' name='filter' method='post' action='resultssimple.php'> 
     <p><label>County</label></p> 
     <select name='result' id='result'>{$option}</select> 
     <input name='' type='submit' /> 
     </form> 
</div> 
</body> 
</html>"; 



?> 

And here is my results page

<? 
include 'connect.php'; 

//Get the details from previous page 
$SelectedCounty = $_POST["result"]; 

// Select offers linked to selected county from form 
$result = mysqli_query($con,"SELECT * FROM offers WHERE tradingCounty ='" . $SelectedCounty . "'ORDER BY categoryIdName ASC;"); 

// PREVIOUS ATTEMPTS - ALL WRONG - GGGGRRRRRRRRRRRR !!!!!!!! 
//------------------------------------------------------------ 
//$result = mysqli_query($con,"SELECT * FROM offers WHERE tradingCounty LIKE" . $SelectedCounty); 
//$result = mysql_query("SELECT * FROM pdetails WHERE uid='" . $inputname . "';"); 
//"SELECT * FROM `offers` WHERE `tradingCounty` LIKE 
//$result = mysqli_query($con,"SELECT * FROM offers;"); 
//$result = mysql_query("SELECT * FROM pdetails WHERE uid='" . $inputname . "';"); 
//$result = mysqli_query("SELECT * FROM offers WHERE tradingCounty=" . $SelectedCounty); 


//check to see if results is set - error if not. 
if(!$result) 
{ 
    die("<p>Error in listing tables: ". mysqli_error($con)."</p>"); 
} 

//Show all records for selected county 
echo ("<p><h2>Showing Latest Offers In : " . $SelectedCounty . "</h2></p>"); 
echo ("<p><a href='offers.php' target='_self'>back to search menu</a></p>"); 

/* 
echo ("<table border='1'>"); 
echo ("<tr>"); 
echo ("<td>ID</td><td>Category</td><td>Business Name</td><td>Business Address</td><td>Address2</td><td>Address3</td><td>Town</td><td>County</td><td>Post Code</td><td>Telephone</td><td>URL</td><td>Email</td><td>Discount/Special Offer</td><td>valid from</td>"); 
*/ 

while($row = mysqli_fetch_row($result)) 
{ 
    echo ("<div style=' background-color: #EFF5FF; color: #06C; padding: 5px; float: left; border: 1px dotted #06C; margin: 10px; width: 300px; height: 300px; text-align: center; >"); 
    // echo ("" . $row[0] . ""); 
    // echo ("</br>"); 
    echo ("<strong>" . $row[1] . "</strong>"); 
    echo ("<hr/>"); 
    // echo ("</br>"); 
    echo ("" . $row[2] . ""); 
    echo ("</br>"); 
    echo ("" . $row[3] . ""); 
    echo ("</br>"); 
    // echo ("" . $row[4] . ""); 
    // echo ("</br>"); 
    // echo ("" . $row[5] . ""); 
    // echo ("</br>"); 
    echo ("" . $row[6] . ""); 
    echo ("</br>"); 
    echo ("" . $row[7] . ""); 
    echo ("</br>"); 
    echo ("" . $row[8] . ""); 
    echo ("</br>"); 
    echo ("" . $row[9] . ""); 
    echo ("</br>"); 
    // echo ("" . $row[10] . ""); 
    // echo ("</br>"); 
    echo ("" . $row[11] . ""); 
    echo ("</br>"); 
    echo ("<hr/>"); 
    echo ("<strong>" . $row[12] . "</strong>"); 
    echo ("</br>"); 
    echo ("</div>"); 

/* echo("<tr>"); 
    echo("<td>" . $row[0] . "</td>" . "<td>" . $row[1] . "</td>" . "<td>" . $row[2] . "</td>" . "<td>" . $row[3] . "</td>" . "<td>" . $row[4] . "</td>" . "<td>" . $row[5] . "</td>" . "<td>" . $row[6] . "</td>" . "<td>" . $row[7] . "</td>" . "<td>" . $row[8] . "</td>" . "<td>" . $row[9] . "</td>" . "<td>" . $row[10] . "</td>" . "<td>" . $row[11] . "</td>" . "<td>" . $row[12] . "</td>" . "<td>" . $row[13] . "</td>"); 
    echo("</tr>"); 
*/ 
} 
// echo("</table>"); 
?> 

What I am getting can be seen here

+0

To be a bit clearer... some results are missing the business type, the business name and some of the address – sturobinson81 2014-09-02 15:01:06

+0

Just nitpicking here, but in all of the 'SELECT' statements, I suggest you explicitly name the columns you want to select rather than using 'SELECT * ...'. – kevin628 2014-09-02 15:07:32

+0

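:) Noted, Kevin... I thought, from an amateur's/my point of view, that SELECT * was quicker :) and I just had to comment out the rows I didn't want to show... – sturobinson81 2014-09-02 15:14:49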

Answers

0

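Are they missing, or are they perhaps being obscured by unescaped HTML characters? Check your browser's "View Source" option to see whether they are actually there. I would especially look out for characters in the data such as the "less than" character, which the browser might mistake for an HTML opening character.

You may need to escape your output so that the browser does not try to render it: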

echo ("" . htmlspecialchars($row[2]) . ""); 

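Also, I suggest that you never take input directly from a user and put it into an SQL query without escaping it first. You are opening yourself up to SQL injection attacks.

See the following: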

http://php.net/manual/en/mysqli.real-escape-string.php

+0

Hi Wes, can SQL injection be done from a drop-down menu? Sorry, I'm very new to PHP. – sturobinson81 2014-09-02 15:30:22

+0

I viewed the source and the details are missing... why would this happen? – sturobinson81 2014-09-02 15:30:52

+0

It may be because the browser is seeing them as HTML characters. Do they contain <> characters? – 2014-09-02 15:32:18
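The two fixes recommended in the answer above (bind the county instead of concatenating it, escape every value on output), as an added example that is not code from the original post or its answers. It assumes PDO with an in-memory SQLite database in place of the page's mysqli connection so that it runs without a server; the `businessName` column and the sample rows are constructed for illustration, while `offers`, `tradingCounty` and `categoryIdName` come from the question.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the page's mysqli
// connection so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE offers (categoryIdName TEXT, businessName TEXT, tradingCounty TEXT)');

// Constructed sample rows: one value contains "<", one county an apostrophe.
$insert = $db->prepare('INSERT INTO offers VALUES (?, ?, ?)');
foreach ([
    ['Food',   'Bob <The Baker> Ltd', 'Kent'],
    ['Garden', 'Green & Sons',        "King's County"],
] as $sample) {
    $insert->execute($sample);
}

// The county arrives as request data (the page reads $_POST["result"]).
// A drop-down only suggests values to the browser, so the server binds the
// value as a parameter and never concatenates it into the SQL text.
function findOffers(PDO $db, string $county): array
{
    $stmt = $db->prepare(
        'SELECT categoryIdName, businessName, tradingCounty
           FROM offers WHERE tradingCounty = ? ORDER BY categoryIdName ASC'
    );
    $stmt->execute([$county]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape every value on output so "<", ">", "&" and quotes are displayed
// as text instead of being parsed as markup.
function renderOffer(array $row): string
{
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return "<div class='offer'><strong>" . $e($row['categoryIdName']) . "</strong><hr/>"
         . $e($row['businessName']) . "<br/>" . $e($row['tradingCounty']) . "</div>\n";
}

// Both constructed counties return their row, including the one whose
// apostrophe would have broken the concatenated query string.
foreach (['Kent', "King's County"] as $county) {
    foreach (findOffers($db, $county) as $row) {
        echo renderOffer($row);
    }
}
```

With mysqli, as used in the question, the same pattern is `mysqli_prepare()` with a `?` placeholder followed by `mysqli_stmt_bind_param()`.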

0

Not sure if this will help, but on this line:

$result = mysqli_query($con,"SELECT * FROM offers WHERE tradingCounty ='" . $SelectedCounty . "'ORDER BY categoryIdName ASC;"); 

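It looks like you have an extra semicolon (;) before the last double quote. I don't think that should be there.

You could also store everything returned in an array and look at everything that came back as you loop through it. Then, if something is missing, go to the database and look at that row.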

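$tempArray = array(); 
// Append each row; a plain assignment would keep only the last row 
while($row = mysqli_fetch_row($result)) { 
    $tempArray[] = $row; 
} 

// Print every column of every stored row 
foreach($tempArray as $rowValues) { 
    foreach($rowValues as $value) { 
        echo $value . '<br>'; 
    } 
}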