我正在尝试打开与点击的缩略图对应的视频。但是,当我被定向到应该出现视频的页面时,我收到错误,
致命错误:未捕获mysqli_sql_exception:您的SQL语法中有错误;查看与您的MySQL服务器版本对应的手册,以便在'\'附近使用正确的语法SELECT v_id FROM video WHERE image_name = \'$ image_name \'\')?>'
下面是单击图像的页面,
<?php
$query=mysqli_query($link, "SELECT * FROM video ORDER BY RAND() LIMIT 5");
while($all_video=mysqli_fetch_array($query))
{
?>
<a href="watchScreen.php? $v_id=mysqli_query($link, \'SELECT v_id FROM video WHERE image_name = \'$image_name\'\') ?>" onclick="open()" ><image src="thumbnails/<?php echo $all_video['image_name']; ?>" id="img" width="300" height="200"/></a>
<script type="text/javascript">
function open() {
var nameImg = document.getElementById("img").src;
nameImg = "<?php $image_name ?>";
}
</script>
<?php } ?>
接下来是手表Screen.php,
<?php
include "config.php";
session_start();
$_SESSION['v_id']=$_GET['$v_id']
$vid_id = $_SESSION['v_id'];
$myquery=mysqli_query($link, "SELECT video_name FROM video WHERE v_id=$vid_id");
while($my_video=mysqli_fetch_array($myquery))
{
?>
<video width="60%" height="60%" style="background-color:#585858; border: 4px solid darkorange; border-radius:20px;" controls>
<source src="uploads/<?php echo $play_vid['video_name']; ?>" type="video/mp4">
</video>
<?php } ?>
下面是mySQL表,
CREATE TABLE video(
v_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
video_name VARCHAR(225) NOT NULL,
id INT NOT NULL,
FOREIGN KEY user_id(id)
REFERENCES users(id)
ON DELETE CASCADE,
n_views INT,
image_name VARCHAR(225) NOT NULL
);
我现在正试图找出如何将点击图像的名称发送到watchScreen.php。
我建议,如果我理解正确,或许尝试类似以下的方法。
因此,您似乎只需要将请求中的vid值发送到您在初始查询中获得的watchScreen.php。当查询返回所有列时,您可以选择并轻松选择HTML中包含的列/字段,而无需您之前的错误查询。
<?php
$query=mysqli_query($link, "SELECT * FROM video ORDER BY RAND() LIMIT 5");
while($all_video=mysqli_fetch_array($query)){
printf('
<a href="watchScreen.php?$v_id=%d" onclick="open(event)">
<img src="thumbnails/%s" width=300 height=200 />
</a>',
$all_video['v_id'],
$all_video['image_name']
);
}
?>
<script>
/*
The `open` function doesn't actually do anything as it was...
Also, every ID MUST be unique... but there is no need to
assign an ID in this case as the image is a direct child
of the `a` so can be accessed in a number of ways.
*/
function open(e){
var img = e.target.querySelector('img');
alert( img.src );
}
</script>
要处理请求,因为它具有用户输入(GET),您确实应该使用预准备语句来尝试避免SQL注入攻击。
<?php
session_start();
include "config.php";
if( !empty( $_GET['$v_id'] ) ){
$vid = $_SESSION['v_id'] = $_GET['$v_id'];
$sql='SELECT video_name FROM video WHERE v_id=?';
$stmt=$link->prepare( $sql );
$stmt->bind_param('i', $vid );
$res=$stmt->execute();
if( $res ){
$stmt->store_result();
$stmt->bind_result( $videoname );
$stmt->fetch();
/* a literal `%` in either `printf` or `sprintf` should be escaped with another `%` ... */
printf('
<video width="60%%" height="60%%" style="background-color:#585858; border: 4px solid darkorange; border-radius:20px;" controls>
<source src="uploads/%s" type="video/mp4">
</video>
', $videoname );
}
} else {
exit('missing ID');
}
?>
以上都没有经过测试,所以你可能会发现一些错误(希望不会太多) - 希望它会有所帮助