I don't know why but the data type in this code makes a trouble when the id in the url starts with the number zero like this: http://localhost/exp/update.php?id=03A43 In this case the id is 03A43.
And my query looks like this:
mysql_select_db("school", $con);
$result = mysql_query("SELECT * FROM student WHERE IDNO开发者_如何学编程=".(int)$_GET['id']);
?>
There is no problem in the design if the id does not start with the number zero. What might be the proper data type for numbers beginning in zero?
Edit: The OP didn't reveal until recently that the type of the field is a varchar, not a number. Hence, s/he should use this:
mysql_query("SELECT * FROM student WHERE IDNO='"
. mysql_escape_string($_GET['id']) . "'");
For posterity, my original answer was:
It looks like you're trying to parse a hexadecimal number, in which case you could do:
hexdec($_GET['id'])
(int)x
is the same as intval(x)
, which defaults to base 10. Your number, 03A43
, was clearly not base 10, so PHP stopped reading it when it got to the A
. You could also say intval(x, 16)
to parse the hexadecimal number, but since you're using the result as a string, hexdec is probably a teeny tiny bit faster.
As an unrelated note of caution, many programming languages treat numbers starting with 0 as octal rather than decimal. If you say $myvar = 031;
, $myvar
will be set to 25
. This also applies to JavaScript as well as its parseInt
function. In PHP, since (int)
and intval
default to base 10, intval('031')
will be 31
. However, intval('031', 0)
will be 25
because the second parameter, 0
, tells intval
to autodetect the base.
Stop casting an alphanumeric string as an integer if you want the string to remain intact. Why are you doing that? Also, and more importantly, you need to escape your raw input, at the very least. Call mysql_real_escape_string()
on it before passing it to mysql_query()
.
Quote your string:
mysql_select_db("school", $con);
$result = mysql_query("SELECT * FROM student WHERE IDNO='".$_GET['id']."'")
What's the type of student.IDNO in the database? Casting $_GET['id']
to an int is going to make it just "3", which seems like not what you want
(int)03A43
will output 3
. Are you sure that's an A
in there?
On the other hand, $_GET[]
will always be a string. Casting a string as an int will remove the leading 0
. If you need the leading 0
just don't cast it, leave the string as it is.
精彩评论