嘿,我有下面的脚本不工作,它对我来说晚了,所以我可以使用一些帮助。这从http帖子接收一个id数组,并且应该抓取用户名。当我发送一个单一的ID,我知道是在我的数据库中,我得到空回来。我的脚本有什么问题?PHP脚本只返回上一个值
<?php
$friendArray[] = $_POST["friendId"];
$hostname = 'http://localhost/';
$dbname = 'MYDB';
$db_username = 'user';
$db_password = 'pass';
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',);
$inQuery = implode(',', array_fill(0, count($friendArray), '?'));
try {
$dsn = "mysql:unix_socket=/var/run/mysqld/mysqld.sock;dbname=".$dbname;
$dbh = new PDO($dsn, $db_username, $db_password, $options);
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sth = $dbh->prepare('SELECT USER_SCREEN_NAME USER WHERE USER_ID IN (' . $inQuery . ')');
foreach ($friendArray[] as $k => $friend)
{
$sth->bindValue(($k+1), $friend);
}
$sth->execute();
$results = $sth->fetchAll(PDO::FETCH_ASSOC);
$json=json_encode($results);
echo $json;
}
catch(PDOException $e) {
echo $e->getMessage();
}
$dbh = null;
?>
解决方法:我发现的主要问题是在sql语句中没有“FROM”。之后,我经历了更多的迭代和问题,最终得到以下工作。另一个问题是,循环和绑定不起作用,所以一旦我得到了适当的格式数组传递它执行了伎俩。
<?php
$friendArray = array();
foreach ($_POST["friendId"] as $myFriend)
{
$friendArray[] = $myFriend;
}
$hostname = 'http://localhost/';
$dbname = 'MYDB';
$db_username = 'user';
$db_password = 'pass';
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',);
$inQuery = implode('', array_fill(0, count($friendArray)-1, " OR USER_ID = ?"));
try {
$dsn = "mysql:unix_socket=/var/run/mysqld/mysqld.sock;dbname=".$dbname;
$dbh = new PDO($dsn, $db_username, $db_password, $options);
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sth = $dbh->prepare("SELECT USER_SCREEN_NAME FROM USER WHERE USER_ID = ?" . $inQuery . "");
$sth->execute($friendArray);
$results = $sth->fetchAll(PDO::FETCH_ASSOC);
$json=json_encode($results);
echo $json;
}
catch(PDOException $e) {
echo $e->getMessage();
}
$dbh = null;
?>
这行,在该脚本不能按预期工作? –
可能在这里,但是'$ friendArray [] = $ _POST [“friendId”];方括号中的原因是什么?难道不会仅仅将'$ _POST [“friendId”]'赋值给'$ friendArray [0]'? –
@cegfault查看'$ inQuery'是如何被填充的;这根本不是SQL注入。 –