2011-03-25 29 views
0
<?php 
// Filter our input. 
$pID = filter_input(INPUT_GET, 'pID', FILTER_SANITIZE_NUMBER_INT); 
if(!$pID) { 
    echo "No pID specified."; 
    exit; 
} 
// Throw exceptions on errors. You will need to catch these. 
PDO::setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
$username = "##"; 
$password = "##"; 
// You'll want to fill in the database name, and define the un/pw 
$pdo = new PDO('mysql:host=localhost;dbname=dbname', $username, $password); 
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
// Prepare a statement to be executed. 
// <http://us2.php.net/manual/en/pdo.prepare.php> 
$sth = $pdo->prepare(' 
    SELECT fname, lname 
     FROM Professor 
    WHERE pID = ? 
'); 
// Execute the prepared statement. The values in the array are 
// automatically escaped and quoted, and placed where the question 
// marks are in the prepared statement. *Used correctly*, this method 
// makes you immune from SQL Injection. 
// <http://us2.php.net/manual/en/pdostatement.execute.php> 
$sth->execute(array(
    $pID 
)); 
// Did we get any results? 
if($sth->rowCount() > 0) { 
// Yes! Fetch one row as an associative array. 
// <http://us2.php.net/manual/en/pdostatement.fetch.php> 
    $row = $sth->fetch(PDO::FETCH_ASSOC); 
    echo "I found {$row['fname']} {$row['lname']}."; 
} else { 
// Nope, let the user know we found nothing. 
    echo "No results."; 
} 
unset($sth); 
?> 
+0

Google surely can. http://www.google.gr/search?q=php+mysql+select+one+row – Jon 2011-03-25 01:29:17

+2

I'm confused. [You know about normalization](http://stackoverflow.com/questions/5372258/getting-a-database-to-1nf-or-2nf-mysql), but don't remember the basics of a simple `SELECT`? Is there some information we're missing here? – Charles 2011-03-25 01:32:47

+0

Thanks a lot, Jon, much appreciated. – Jshee 2011-03-25 01:42:28

Answers

0

Let's use PDO, the best built-in database adapter, and the filter extension to secure our input.

// Filter our input. 
$pID = filter_input(INPUT_GET, 'pID', FILTER_SANITIZE_NUMBER_INT); 
if(!$pID) { 
    echo "No pID specified."; 
    exit; 
} 
// You'll want to fill in the database name, and define the un/pw 
$pdo = new PDO('mysql:host=localhost;dbname=...', $username, $password); 
// Throw exceptions on errors. You will need to catch these. 
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
// Prepare a statement to be executed. 
// <http://us2.php.net/manual/en/pdo.prepare.php> 
$sth = $pdo->prepare(' 
    SELECT fname, lname 
     FROM Professor 
    WHERE pID = ? 
'); 
// Execute the prepared statement. The values in the array are 
// automatically escaped and quoted, and placed where the question 
// marks are in the prepared statement. *Used correctly*, this method 
// makes you immune from SQL Injection. 
// <http://us2.php.net/manual/en/pdostatement.execute.php> 
$sth->execute(array(
    $pID 
)); 
// Did we get any results? 
if($sth->rowCount() > 0) { 
// Yes! Fetch one row as an associative array. 
// <http://us2.php.net/manual/en/pdostatement.fetch.php> 
    $row = $sth->fetch(PDO::FETCH_ASSOC); 
    echo "I found {$row['fname']} {$row['lname']}."; 
} else { 
// Nope, let the user know we found nothing. 
    echo "No results."; 
} 
unset($sth); 

Whoops, try this order instead:

$pdo = new PDO('mysql:host=localhost;dbname=...', $username, $password); 
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
+0

Please check the updated code, not sure why it's doing that. – Jshee 2011-03-25 01:54:35

+0

@woopie, sorry, I had a brainfart. Check my post for an update - change the order of the lines and change the syntax of one of them – Charles 2011-03-25 02:01:22

+0

Code updated again, still gives me the exact same error. Why can't I pass the host, dbname, un, pw as variables, like **$pdo = new PDO($host, $username, $password)**? – Jshee 2011-03-25 02:10:40
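
An added example (not code from the answer or from anyone in this thread) of the pattern discussed above: the host and database name go into the single DSN string, and the error mode is set on the instance through the constructor options. It goes a little beyond the answer by validating `pID` as an integer, testing the result of `fetch()` instead of `rowCount()`, and HTML-escaping the output. The helper names `mysql_dsn`, `connect` and `find_professor` are hypothetical, and an in-memory SQLite database (requires `pdo_sqlite`) with one constructed row stands in for MySQL so the script runs without a server.

```php
<?php
declare(strict_types=1);

// The DSN is ONE string: driver, host and database name all go inside it.
// Username and password are separate constructor arguments.
function mysql_dsn(string $host, string $dbname): string
{
    return "mysql:host={$host};dbname={$dbname};charset=utf8mb4";
}

// Passing the error mode as a constructor option means the handle never
// exists without exceptions enabled, and no static call is needed.
function connect(string $dsn, ?string $user = null, ?string $pass = null): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Returns the matching row, or null when no professor has that pID.
function find_professor(PDO $pdo, int $pID): ?array
{
    $sth = $pdo->prepare('SELECT fname, lname FROM Professor WHERE pID = ?');
    $sth->execute([$pID]);
    $row = $sth->fetch();          // false when there is no row
    return $row === false ? null : $row;
}

try {
    // Against MySQL: connect(mysql_dsn($host, $dbname), $username, $password)
    $pdo = connect('sqlite::memory:');   // assumption: in-memory stand-in
    $pdo->exec('CREATE TABLE Professor (pID INTEGER PRIMARY KEY, fname TEXT, lname TEXT)');
    $pdo->exec("INSERT INTO Professor VALUES (1, 'Ada', '<b>Lovelace</b>')"); // constructed row

    // Constructed request values. FILTER_VALIDATE_INT rejects the last one;
    // FILTER_SANITIZE_NUMBER_INT would strip it down to "111" and query that.
    foreach (['1', '2', '1 OR 1=1'] as $raw) {
        $pID = filter_var($raw, FILTER_VALIDATE_INT);
        if ($pID === false) { echo "Rejected pID.\n"; continue; }
        $row = find_professor($pdo, $pID);
        echo $row === null ? "No results.\n"
            : 'I found ' . htmlspecialchars("{$row['fname']} {$row['lname']}") . ".\n";
    }
} catch (PDOException $e) {
    error_log($e->getMessage());   // keep connection details out of the response
    echo "Database error.\n";
}
```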