b.BuchID = $ID durch Prepared Statement ersetzt
parent
27432e2f56
commit
c9ddb8c3e8
|
@ -18,15 +18,22 @@
|
||||||
|
|
||||||
<div class="hauptcontainer">
|
<div class="hauptcontainer">
|
||||||
<?php
|
<?php
|
||||||
/* Übergebene ID des angeklickten Container speichern */
|
$servername = "localhost";
|
||||||
$containerID = $_GET['bookID'];
|
$username = "web_b-3";
|
||||||
|
$password = "een7Ao6s";
|
||||||
|
$dbname = "bibliothek_candle";
|
||||||
|
|
||||||
/* Buch ID abtrennen */
|
$connection =
|
||||||
$ID = str_replace('book_container', '', $containerID);
|
mysqli_connect($servername, $username, $password, $dbname);
|
||||||
|
|
||||||
/* SQL-Befehl zusammenstellen */
|
if (!$connection) {
|
||||||
$sql = "SELECT b.BuchID, b.Titel, b.Erscheinungsjahr, b.Bild,
|
die("Verbindung fehlgeschlagen: " . mysqli_connect_error());
|
||||||
b.Verlag, GROUP_CONCAT(DISTINCT CONCAT(a.VorName, ' ', a.NachName)
|
}
|
||||||
|
|
||||||
|
/* SQL-Befehl vorbereiten */
|
||||||
|
$sql = $connection->prepare("SELECT b.BuchID, b.Titel,
|
||||||
|
b.Erscheinungsjahr, b.Bild, b.Verlag,
|
||||||
|
GROUP_CONCAT(DISTINCT CONCAT(a.VorName, ' ', a.NachName)
|
||||||
SEPARATOR ', ') AS 'Autor',
|
SEPARATOR ', ') AS 'Autor',
|
||||||
GROUP_CONCAT(DISTINCT k.Name SEPARATOR ', ') AS 'Kategorie',
|
GROUP_CONCAT(DISTINCT k.Name SEPARATOR ', ') AS 'Kategorie',
|
||||||
b.ISBN, b.Klappentext AS 'Inhalt', sp.Bezeichnung AS 'Sprache',
|
b.ISBN, b.Klappentext AS 'Inhalt', sp.Bezeichnung AS 'Sprache',
|
||||||
|
@ -45,22 +52,24 @@
|
||||||
INNER JOIN `sprache` AS sp ON sp.SprachenID = b.SprachenID
|
INNER JOIN `sprache` AS sp ON sp.SprachenID = b.SprachenID
|
||||||
INNER JOIN `buch_hat_stichwort` AS bhs ON bhs.BuchID = b.BuchID
|
INNER JOIN `buch_hat_stichwort` AS bhs ON bhs.BuchID = b.BuchID
|
||||||
INNER JOIN `stichwort` AS st ON st.StichwortID = bhs.StichwortID
|
INNER JOIN `stichwort` AS st ON st.StichwortID = bhs.StichwortID
|
||||||
WHERE b.BuchID = $ID
|
WHERE b.BuchID = ?
|
||||||
GROUP BY b.BuchID;";
|
GROUP BY b.BuchID;");
|
||||||
|
|
||||||
$servername = "localhost";
|
// Parameter binden
|
||||||
$username = "web_b-3";
|
$sql->bind_param("i", $ID);
|
||||||
$password = "een7Ao6s";
|
|
||||||
$dbname = "bibliothek_candle";
|
|
||||||
|
|
||||||
$connection =
|
// Übergebene ID des angeklickten Container speichern
|
||||||
mysqli_connect($servername, $username, $password, $dbname);
|
$containerID = $_GET['bookID'];
|
||||||
|
|
||||||
if (!$connection) {
|
// Buch ID abtrennen
|
||||||
die("Verbindung fehlgeschlagen: " . mysqli_connect_error());
|
$ID = str_replace('book_container', '', $containerID);
|
||||||
}
|
|
||||||
|
// SQL-Befehl ausführen
|
||||||
|
$sql->execute();
|
||||||
|
|
||||||
|
// Ergebnis speichern
|
||||||
|
$result = $sql->get_result();
|
||||||
|
|
||||||
$result = mysqli_query($connection, $sql);
|
|
||||||
if (mysqli_num_rows($result) > 0) {
|
if (mysqli_num_rows($result) > 0) {
|
||||||
while($row = mysqli_fetch_assoc($result)) {
|
while($row = mysqli_fetch_assoc($result)) {
|
||||||
$bookID = $row['BuchID'];
|
$bookID = $row['BuchID'];
|
||||||
|
|
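Review bot: In the second hunk `$sql->bind_param("i", $ID);` runs before `$ID` is assigned from `$_GET['bookID']`, so the query only receives the right value because mysqli binds by reference and reads the variable at `execute()`. The request value is also never validated, so a missing or non-numeric `bookID` is silently cast to an integer (presumably 0). I would derive and validate the ID before the bind, e.g. `$ID = filter_var(str_replace('book_container', '', $_GET['bookID'] ?? ''), FILTER_VALIDATE_INT);` followed by `if ($ID === false) { http_response_code(400); exit; }`. The connection block in the first hunk still carries the database user name and password as string literals; because they are in the repository history they should be rotated and loaded from configuration kept outside version control, for example via `getenv()`. The return value of `$connection->prepare(...)` is not checked before `bind_param` is called on it, and the `while` loop continues past the end of the visible hunk.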