Pass Variables in PHP url [closed]

Posted 2019-10-08 18:53

I have the PHP code below that outputs a JSON array in the browser.

The php script is called like this: http://localhost/site/property.php

I would like to call it like this: http://localhost/site/property.php?propertyId=1&clientId=2

Where propertyId and clientId are columns of the property table. How can I change this script to achieve this?

Thanks. I would really appreciate it.

<?php 

    $connection = mysql_connect("localhost", "root", "");

    if(!$connection)
    {
        die('Could not connect: ' .mysql_error());
    }

    mysql_select_db("Mobile", $connection); 

    $result = mysql_query("SELECT * FROM property");

    while($row = mysql_fetch_assoc($result))
    {
        $output[]=$row;
    }

    Print(json_encode($output));
    mysql_close($connection);

?>

Tags: php
6 answers
等我变得足够好
#2 · 2019-10-08 19:20

You may try it like this:

<?php 

    $connection = mysql_connect("localhost", "root", "");

    if(!$connection)
    {
        die('Could not connect: ' .mysql_error());
    }

    mysql_select_db("Mobile", $connection); 
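    $where = "";

    // Each filter is optional; the (int) cast guarantees only a number reaches the query
    if(!empty($_REQUEST['propertyId']))
    {
        $pid = mysql_escape_string($_REQUEST['propertyId']);
        $where .= " AND propertyId='".(int)$pid."'";
    }
    if(!empty($_REQUEST['clientId']))
    {
        $cid = mysql_escape_string($_REQUEST['clientId']);
        $where .= " AND clientId='".(int)$cid."'";
    }
    // "WHERE 1=1" lets every optional condition be appended with AND
    $result = mysql_query("SELECT * FROM property WHERE 1=1".$where);

    // Start with an empty array so an empty result encodes as [] instead of null
    $output = array();
    while($row = mysql_fetch_assoc($result))
    {
        $output[]=$row;
    }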

    Print(json_encode($output));
    mysql_close($connection);

?>
来,给爷笑一个
#3 · 2019-10-08 19:21

You will get a lot of stick for this method but if you want it here it is.

// $_GET keys are case-sensitive, so they must match the URL (propertyId, clientId)
$result = mysql_query("SELECT * FROM property WHERE propertyId = '".(int)$_GET['propertyId']."' AND clientId = '".(int)$_GET['clientId']."'");

Please, no haters :P

Animai°情兽
#4 · 2019-10-08 19:30

You'll have to check if "propertyId" and "clientId" are passed as URL-parameters (checking $_GET[<param>]) and then adapt your query accordingly. Using mysqli_* (instead of the deprecated mysql_*) and also prepared statements which protect against SQL Injection, your script could look like this.

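$connection = mysqli_connect("localhost", "root", "")
              or die('Could not connect: ' . mysqli_connect_error());
mysqli_select_db($connection, "Mobile");

if (isset($_GET["propertyId"]) && isset($_GET["clientId"])) {
    // bind_param() binds by reference, so the cast values go into variables first
    $propertyId = (int)$_GET["propertyId"];
    $clientId   = (int)$_GET["clientId"];
    $query = "SELECT * FROM property WHERE propertyId = ? AND clientId = ?";
    $stmt = mysqli_prepare($connection, $query);
    $stmt->bind_param("ii", $propertyId, $clientId);
    $stmt->execute();
    // execute() only returns true/false; get_result() (needs mysqlnd) returns the rows
    $result = $stmt->get_result();
} else {
    $result = mysqli_query($connection, "SELECT * FROM property");
}

// Start with an empty array so an empty result encodes as [] instead of null
$output = array();
while($row = mysqli_fetch_assoc($result)) {
    $output[] = $row;
}

print(json_encode($output));
mysqli_close($connection);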
姐就是有狂的资本
#5 · 2019-10-08 19:33
$_GET['propertyId'];

will be set to propertyId from the url string

ゆ 、 Hurt°
#6 · 2019-10-08 19:41

Grab the GET variables:

$propertyId = filter_input(INPUT_GET, 'propertyId', FILTER_SANITIZE_NUMBER_INT);
$clientId   = filter_input(INPUT_GET, 'clientId', FILTER_SANITIZE_NUMBER_INT);

If the input is invalid then it cannot be used:

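// FILTER_VALIDATE_INT returns false on failure; compare strictly so that 0 is not rejected
if (filter_var($propertyId, FILTER_VALIDATE_INT) === false)
    die('Invalid GET variable: propertyId');
if (filter_var($clientId, FILTER_VALIDATE_INT) === false)
    die('Invalid GET variable: clientId');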

Then make sure the input is safe:

$propertyId = mysql_real_escape_string($propertyId, $connection);
$clientId   = mysql_real_escape_string($clientId, $connection);

And then add the variables to the query:

$query = sprintf(
    "SELECT * FROM property WHERE propertyId = %d AND clientId = %d",
    $propertyId, $clientId
);
$result = mysql_query($query);
// ...

Finally, you should switch over to a newer and better database driver, such as MySQLi (notice the i, which stands for "improved") or PDO. The MySQL driver is quite old and should not be used anymore. If you are stuck with it then be extra careful about what you put into the SQL query string -- you should always be careful, but newer drivers, when used correctly, shield you from many mistakes that can be made.

放我归山
#7 · 2019-10-08 19:45

First of all, mysql_* functions should NOT be used. For database transactions use mysqli_* functions (see http://php.net/manual/en/book.mysqli.php) or PDO (see http://php.net/manual/en/book.pdo.php).

You can do something like this:

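// Connection settings and database name taken from the question
$hostname = "localhost";
$username = "root";
$password = "";

// $_GET keys are case-sensitive, so they must match the URL (propertyId, clientId)
$propertyID = (int) $_GET['propertyId'];
$clientID = (int) $_GET['clientId'];

$dbh = new PDO("mysql:host=$hostname;dbname=Mobile", $username, $password);

// Column names as given in the question; the values are bound, not concatenated
$q = $dbh->prepare("SELECT * FROM property WHERE propertyId = ? AND clientId = ?");
$q->execute(array($propertyID, $clientID));

while($r = $q->fetch()){
  print_r($r);
}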
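The answers above show optional filters, integer validation and prepared statements separately. The following is an added example, not code from any poster, that combines the three with PDO. Assumptions: an in-memory SQLite table stands in for the MySQL property table so the script runs offline, the name column and sample rows are constructed, and findProperties is a hypothetical helper.

```php
<?php
// Added example, not code from any answer above. SQLite in-memory stands in
// for the MySQL "Mobile" database so the script runs offline; rows are constructed.

/** Build and run the property query from request parameters (e.g. $_GET). */
function findProperties(PDO $db, array $params): array
{
    $where = [];
    $bind  = [];
    foreach (['propertyId', 'clientId'] as $name) {   // fixed allow-list of columns
        if (!isset($params[$name]) || $params[$name] === '') {
            continue;                                  // filter not requested
        }
        $value = filter_var($params[$name], FILTER_VALIDATE_INT);
        if ($value === false) {                        // "0" is valid, "1 OR 1=1" is not
            throw new InvalidArgumentException("Invalid parameter: $name");
        }
        $where[] = "$name = :$name";                   // name comes from the allow-list only
        $bind[":$name"] = $value;
    }
    $sql = 'SELECT * FROM property';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($bind);                             // values travel separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE property (propertyId INTEGER, clientId INTEGER, name TEXT)');
$db->exec("INSERT INTO property VALUES (1, 2, 'Flat A'), (2, 2, 'Flat B'), (3, 5, 'House C')");

// Constructed requests: both filters, one filter, none, and a hostile value.
$requests = [
    ['propertyId' => '1', 'clientId' => '2'],
    ['clientId' => '2'],
    [],
    ['propertyId' => '1 OR 1=1'],
];
foreach ($requests as $params) {
    try {
        echo json_encode(findProperties($db, $params)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode(['error' => $e->getMessage()]), PHP_EOL; // a real endpoint would also send HTTP 400
    }
}
```

Against MySQL only the PDO connection string changes; the query building and binding stay the same.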