如何在MySQLi查询中使用$ _POST变量? (php)

看到在此之前已经提交了一个答案，以为我也根据问题下的评论将其也放入了答案.

Seeing that an answer's been submitted before this, thought I'd put one in too and based on a comment I left under the question.

这里的问题之一是，您要查询两次，这是一个主要问题，导致语法错误，

One of the problems here is, you're querying twice which is a major issue, resulting in a syntax error that MySQL is throwing in the background, but you're not listening for it. Plus, your quoting method which I've modified below, just in case it is a string; which we don't know at this time.

$query = 'SELECT name, beschreibung FROM uebersicht WHERE id = "$stridEingabe"'; 

$result = mysqli_query($con, $query);
          ^^^^^^^^^^^^
if ($result = mysqli_query($con, $query)) {
              ^^^^^^^^^^^^

/* Array ausgeben */
while ($row = mysqli_fetch_assoc($result)) {
    printf ("<b>%s</b> <br>%s<br> <br>", $row["name"],  $row["beschreibung"]);

}

您要删除的是= mysqli_query($con, $query)并添加错误检查:

what you want is to remove = mysqli_query($con, $query) and add error checking:

$query = "SELECT name, beschreibung FROM uebersicht WHERE id = '".$stridEingabe."'"; 

$result = mysqli_query($con, $query);

if ($result) {
/* Array ausgeben */
while ($row = mysqli_fetch_assoc($result)) {
    printf ("<b>%s</b> <br>%s<br> <br>", $row["name"],  $row["beschreibung"]);

    }

} // brace for if ($result)

// else statement for if ($result)
else{
    echo "There was an error: " .mysqli_error($con);
}

或者，最好使用mysqli_real_escape_string().

$stridEingabe = mysqli_real_escape_string($con,$_POST["idEingabe"]);

• 尽管准备好的陈述是最好的.

此外，关于SQL注入(您可以打开)，应该使用 具有准备好的语句的PDO ，它们更加安全.

Plus, in regards to SQL injection which is something you're open to, should be using mysqli with prepared statements, or PDO with prepared statements, they're much safer.

脚注:

请确保您确实使用mysqli_进行连接，而不要使用其他MySQL API(例如mysql_或PDO)进行连接.这些不同的API不会相互混合.

Make sure you are indeed using mysqli_ to connect with and not another MySQL API such as mysql_ or PDO to connect with. Those different APIs do not intermix with each other.

之所以这样说是因为，您的问题中的连接方法未知.

I say this because, the connection method is unknown in your question.

此外，如果您在同一文件中使用整个代码，则应该对POST数组使用条件语句，否则它会在页面加载时立即发出通知； 假设系统已启用错误报告.

Plus, if you're using your entire code inside the same file, then you should be using a conditional statement for your POST array, otherwise it will thrown a notice immediately on page load; assuming error reporting is enabled on your system.

• 通知将为未定义索引idEingabe ..."

即:

if(!empty($_POST['idEingabe'])){...}

另一件事；如果您输入的值是整数，则可以使用以下函数来确保它们是整数而不是字符串，如果这是最终目标:

Another thing; if your inputted value is an integer, you can use the following functions to make sure they are integers and not a string, if that is what the ultimate goal is:

• http://php.net/manual/en/function.is- int.php -is_int()
• http://php.net/manual/en/function.is- numeric.php -is_numeric()

• http://php.net/manual/en/function.is-int.php - is_int()
• http://php.net/manual/en/function.is-numeric.php - is_numeric()

并与它们一起使用条件语句.

and using a conditional statement in conjunction with those.

将 错误报告 添加到文件顶部，这将有助于发现错误.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

侧注:错误报告仅应在登台进行，而绝不能在生产中进行.

Sidenote: Error reporting should only be done in staging, and never production.