Is there any problem with this, since I get no output returned? Thanks in advance.
$question_text = $_POST['question_text'];
$first_word = explode(" ", $question_text);
$query ="SELECT c.field_name,t.category_name, d.domain_name FROM category_fields c, taxonomy_category t, taxonomy_domain d
WHERE c.category_Id = t.category_Id AND t.domain_Id = d.domain_Id
AND c.field_name = '$first_word'";
I've changed my code to this and still no output. Is there a problem with the way I display them? Thanks
$question_text = $_POST['question_text'];
list($first_word) = explode(' ', $question_text);
$query ="SELECT c.field_name,t.category_name, d.domain_name FROM category_fields c, taxonomy_category t, taxonomy_domain d WHERE c.category_Id = t.category_Id AND t.domain_Id = d.domain_Id AND c.field_name = '".mysql_escape_string($first_word[0])."'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo "Keyword :{$row['c.field_name']}" . "Category : {$row['t.category_name']}" . "Domain : {$row['d.domain_name']}"; }
?>
$first_word is an array, not a string; in your query you want $first_word[0].
It is also very unsafe to put any user-submitted value directly into a SQL query; it should always be sanitised.
Instead of the explode line you could use the following to get a correct SQL query:
$first_word = mysql_real_escape_string(strtok($question_text, " "));
The strtok cuts off the string until the first space. And the escape function is necessary to prevent your script from SQL exploits.
Well, after $first_word = explode(" ", $question_text); $first_word is an array, because explode returns an array.
Therefore
$query ="SELECT c.field_name,t.category_name, d.domain_name FROM category_fields c, taxonomy_category t, taxonomy_domain d
WHERE c.category_Id = t.category_Id AND t.domain_Id = d.domain_Id
AND c.field_name = '$first_word'";
should be
$query ="SELECT c.field_name,t.category_name, d.domain_name FROM category_fields c, taxonomy_category t, taxonomy_domain d
WHERE c.category_Id = t.category_Id AND t.domain_Id = d.domain_Id
AND c.field_name = '".mysql_escape_string($first_word[0])."'";
Read http://php.net/manual/en/function.mysql-escape-string.php for what mysql_escape_string does.
list($first_word) = explode(' ', $question_text);
This should do the trick. Sanitize your database inputs!
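Added example, not part of the original question or answers: the same lookup written with a PDO prepared statement, since the mysql_* functions used above were removed in PHP 7.0. It assumes the PDO SQLite driver; the in-memory tables, sample rows and the function name lookupFirstWord are constructed for illustration. Result columns are read by their plain names, because the keys of a fetched row are field_name and so on, not c.field_name.

```php
<?php
// Constructed schema and rows in an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("
    CREATE TABLE taxonomy_domain   (domain_Id INTEGER PRIMARY KEY, domain_name TEXT);
    CREATE TABLE taxonomy_category (category_Id INTEGER PRIMARY KEY, category_name TEXT, domain_Id INTEGER);
    CREATE TABLE category_fields   (field_name TEXT, category_Id INTEGER);
    INSERT INTO taxonomy_domain   VALUES (1, 'Science');
    INSERT INTO taxonomy_category VALUES (1, 'Physics', 1);
    INSERT INTO category_fields   VALUES ('gravity', 1);
");

// Hypothetical helper: look up the first word of the submitted text.
function lookupFirstWord(PDO $pdo, string $questionText): array
{
    // strtok() returns false when there is no token (empty or all-space input).
    $firstWord = strtok(trim($questionText), ' ');
    if ($firstWord === false) {
        return [];
    }
    // The value is sent as a bound parameter, never spliced into the SQL text,
    // so quotes in the input cannot change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT c.field_name AS field_name,
                t.category_name AS category_name,
                d.domain_name AS domain_name
           FROM category_fields c
           JOIN taxonomy_category t ON c.category_Id = t.category_Id
           JOIN taxonomy_domain d   ON t.domain_Id = d.domain_Id
          WHERE c.field_name = :word'
    );
    $stmt->execute([':word' => $firstWord]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a match, a word containing a quote, and blank input.
foreach (["gravity is what?", "what's gravity?", "   "] as $input) {
    $rows = lookupFirstWord($pdo, $input);
    echo json_encode($input), ' => ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        // Keys are the column names/aliases; escape on output as well.
        echo 'Keyword: ',  htmlspecialchars($row['field_name'], ENT_QUOTES),
             ' Category: ', htmlspecialchars($row['category_name'], ENT_QUOTES),
             ' Domain: ',   htmlspecialchars($row['domain_name'], ENT_QUOTES), "\n";
    }
}
```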