2014-12-05 123 views
0

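I have a problem with the comment list on my forum website in PHP, please help. I am trying to loop over all the users' comments, but either only one appears or the loop fails and shows the same comment many times. How do I loop over a variable in PHP?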

<?php 
include 'connection.php'; 
     echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr>'; 
     echo '<td width="80%" height="20"><strong>Thread :'; 
     $query="select title from topic where topic_id=".$_REQUEST['topic']; 
     $result=mysql_query($query); 
     $row=mysql_fetch_array($result); 
     echo $row['title']; 
    if($row){ 
     do{ 
    echo'</strong></td><td align="center" valign="top"><strong><?php '; 
     $query2="select * from comment where topic_id=".$_REQUEST['topic']; 
     $result2=mysql_query($query2); 
     $row2=mysql_fetch_array($result2); 
     echo $row2['post_date']; 
     echo '</strong></td></tr></table>'; 
    echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>'; 
     echo $row['title']; 
     echo'</strong></td></tr>'; 
    echo '<tr><td align="center" valign="top"><strong>'; 
      $query3="select * from user_login where email='".$row2['post_by_user']."'"; 
      $result3=mysql_query($query3); 
      $row3=mysql_fetch_array($result3); 
      echo '<br>'.$row3['first_name'].' '.$row3['last_name']; 

     echo '</strong></td><td align="left" valign="top" height=200>'; 
     //displaying list comment 
    echo '<p>'.$row2['description'].'</p><hr>'; 
    }while($row=mysql_fetch_array($result2)); 
     } 
     ?> 
     </td> 
    </tr> 

Why does the loop fail?

+0

Is '$row = mysql_fetch_array($result2)' a comparison? – 2014-12-05 03:28:53

+0

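You are looping over unrelated variables in the wrong place. Note: you are vulnerable to SQL injection and are using deprecated mysql_* functions. – bansi 2014-12-05 03:31:42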

+0

Can you fix it? :D – 2014-12-05 03:40:20

Answers

0

I rearranged your loop. The first thing wrong is while($row=mysql_fetch_array($result2)), because you use $row2 inside that loop, and changing $row will not help.

<?php 
include 'connection.php'; 
echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr>'; 
echo '<td width="80%" height="20"><strong>Thread :'; 
$query = "select title from topic where topic_id=" . $_REQUEST['topic']; 
$result = mysql_query($query); 
$row = mysql_fetch_array($result); 
echo $row['title']; 
if ($row) { 
    echo '</strong></td><td align="center" valign="top"><strong>'; 
    $query2 = "select * from comment where topic_id=" . $_REQUEST['topic']; 
    $result2 = mysql_query($query2); 
    while ($row2 = mysql_fetch_array($result2)) { 
     echo $row2['post_date']; 
     echo '</strong></td></tr></table>'; 
     echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>'; 
     echo $row['title']; 
     echo '</strong></td></tr>'; 
     echo '<tr><td align="center" valign="top"><strong>'; 
     $query3 = "select * from user_login where email='" . $row2['post_by_user'] . "'"; 
     $result3 = mysql_query($query3); 
     $row3 = mysql_fetch_array($result3); 
     echo '<br>' . $row3['first_name'] . ' ' . $row3['last_name']; 

     echo '</strong></td><td align="left" valign="top" height=200>'; 
     //displaying list comment 
     echo '<p>' . $row2['description'] . '</p><hr>'; 
    } 
} 
?> 
</td> 
</tr> 

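Very important: you are highly vulnerable to SQL injection. Please at least sanitize your input before passing it to SQL. You are also using the deprecated mysql_* functions. Use the MySQLi or PDO_MySQL extension instead.

Note: bugs are inversely proportional to the readability of the code. Maintainability is directly proportional to the square of readability.

Edit: if you want to echo $row2['post_date'] only once for the loop, you can use a loop like this. It will print only the post_date of the first row.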

if ($row) { 
    echo '</strong></td><td align="center" valign="top"><strong>'; 
    $query2 = "select * from comment where topic_id=" . $_REQUEST['topic']; 
    $result2 = mysql_query($query2); 
    $row2 = mysql_fetch_array($result2); 
    if ($row2) { 
     echo $row2['post_date']; 
     do { 
      echo '</strong></td></tr></table>'; 
      echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>'; 
      echo $row['title']; 
      echo '</strong></td></tr>'; 
      echo '<tr><td align="center" valign="top"><strong>'; 
      $query3 = "select * from user_login where email='" . $row2['post_by_user'] . "'"; 
      $result3 = mysql_query($query3); 
      $row3 = mysql_fetch_array($result3); 
      echo '<br>' . $row3['first_name'] . ' ' . $row3['last_name']; 

      echo '</strong></td><td align="left" valign="top" height=200>'; 
      //displaying list comment 
      echo '<p>' . $row2['description'] . '</p><hr>'; 
     } while($row2 = mysql_fetch_array($result2)); 
    } 
} 
+0

Thanks for the answer, but the date is still inside the loop. How can I put the date outside the loop? echo $row2['post_date']; above this code while($row2 = mysql_fetch_array($result2)){ ?? – 2014-12-05 04:02:09

+0

Do you mean 'echo $row2['post_date']' only once for the loop? – bansi 2014-12-05 04:46:11

0

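In addition to the bug in your code, you have several SQL injection vulnerabilities and unescaped-output vulnerabilities.

  1. The $result2 variable is assigned inside your do/while loop. This means it is overwritten on every iteration of the loop, so it will never produce output for more than one iteration. You need to spend some time getting familiar with PHP, databases (MySQL in your case), and the nature of SQL injection.

Here is your code, rewritten to fix your logic problem and the SQL injection vulnerabilities. You will need to take some time to understand and fix the problems with outputting unescaped user input.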

<?php

    // You will need to define $dbConnection per the MySQLi API.
    // http://php.net/manual/en/book.mysqli.php
    include 'connection.php';

    echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr>';
    echo '<td width="80%" height="20"><strong>Thread :';

    $stmt = $dbConnection->prepare('select title from topic where topic_id = ?');
    $stmt->bind_param('s', $_REQUEST['topic']);
    $stmt->execute(); // a prepared statement must be executed before get_result()

    $result = $stmt->get_result();
    $row = $result->fetch_assoc();

    echo $row['title'];

    if ($row)
    {
        $stmt2 = $dbConnection->prepare('select * from comment where topic_id = ?');
        $stmt2->bind_param('s', $_REQUEST['topic']);
        $stmt2->execute();

        // Read the result of the comment statement ($stmt2), not the topic statement.
        $result2 = $stmt2->get_result();

        // One iteration per comment row.
        while ($row2 = $result2->fetch_assoc())
        {
            echo '</strong></td><td align="center" valign="top"><strong>';
            echo $row2['post_date'];
            echo '</strong></td></tr></table>';
            echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>';
            echo $row['title'];
            echo '</strong></td></tr>';
            echo '<tr><td align="center" valign="top"><strong>';

            // Look up the author of this comment.
            $stmt3 = $dbConnection->prepare('select * from user_login where email = ?');
            $stmt3->bind_param('s', $row2['post_by_user']);
            $stmt3->execute();

            $result3 = $stmt3->get_result();
            $row3 = $result3->fetch_assoc();

            echo '<br>' . $row3['first_name'] . ' ' . $row3['last_name'];

            echo '</strong></td><td align="left" valign="top" height=200>';
            // displaying list comment (the values are still printed unescaped)
            echo '<p>' . $row2['description'] . '</p><hr>';
        }
    }
    ?>
    </td>
</tr>
+0

Thanks for the code, sir, but I don't understand most of the code you changed. I'm still a newbie, so maybe I have to learn more here. Thx! – 2014-12-05 04:03:51

0

You have used $result2 in the condition of the while loop; change it to $result to make things work.

while($row=mysql_fetch_array($result));