```php
<?php
// Filter our input.
$pID = filter_input(INPUT_GET, 'pID', FILTER_SANITIZE_NUMBER_INT);
if(!$pID) {
    echo "No pID specified.";
    exit;
}
// Throw exceptions on errors. You will need to catch these.
// NOTE: setAttribute() is an instance method. Calling it statically on the
// PDO class, before $pdo exists, is a fatal error; the instance call a few
// lines below is the correct form (the answer below points this out).
PDO::setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$username = "##";
$password = "##";
// You'll want to fill in the database name, and define the un/pw
$pdo = new PDO('mysql:host=localhost;dbname=dbname', $username, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Prepare a statement to be executed.
// <http://us2.php.net/manual/en/pdo.prepare.php>
$sth = $pdo->prepare('
    SELECT fname, lname
    FROM Professor
    WHERE pID = ?
');
// Execute the prepared statement. The values in the array are
// automatically escaped and quoted, and placed where the question
// marks are in the prepared statement. *Used correctly*, this method
// makes you immune from SQL Injection.
// <http://us2.php.net/manual/en/pdostatement.execute.php>
$sth->execute(array(
    $pID
));
// Did we get any results?
if($sth->rowCount() > 0) {
    // Yes! Fetch one row as an associative array.
    // <http://us2.php.net/manual/en/pdostatement.fetch.php>
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    echo "I found {$row['fname']} {$row['lname']}.";
} else {
    // Nope, let the user know we found nothing.
    echo "No results.";
}
unset($sth);
?>
```
Answer
Let's use PDO, the best built-in database adapter, and the filter extension, to protect our input.
```php
// Filter our input.
$pID = filter_input(INPUT_GET, 'pID', FILTER_SANITIZE_NUMBER_INT);
if(!$pID) {
    echo "No pID specified.";
    exit;
}
// You'll want to fill in the database name, and define the un/pw
$pdo = new PDO('mysql:host=localhost;dbname=...', $username, $password);
// Throw exceptions on errors. You will need to catch these.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Prepare a statement to be executed.
// <http://us2.php.net/manual/en/pdo.prepare.php>
$sth = $pdo->prepare('
    SELECT fname, lname
    FROM Professor
    WHERE pID = ?
');
// Execute the prepared statement. The values in the array are
// automatically escaped and quoted, and placed where the question
// marks are in the prepared statement. *Used correctly*, this method
// makes you immune from SQL Injection.
// <http://us2.php.net/manual/en/pdostatement.execute.php>
$sth->execute(array(
    $pID
));
// Did we get any results?
if($sth->rowCount() > 0) {
    // Yes! Fetch one row as an associative array.
    // <http://us2.php.net/manual/en/pdostatement.fetch.php>
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    echo "I found {$row['fname']} {$row['lname']}.";
} else {
    // Nope, let the user know we found nothing.
    echo "No results.";
}
unset($sth);
```
Oops, try this instead:

```php
$pdo = new PDO('mysql:host=localhost;dbname=...', $username, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
```
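As an added example (not code from the question or from Charles's answer), here is the same lookup made self-contained with an in-memory SQLite database so it runs without a MySQL server; it assumes the pdo_sqlite extension is available. It adds three things a practitioner would want on top of the answer: validation with FILTER_VALIDATE_INT instead of FILTER_SANITIZE_NUMBER_INT (which strips characters rather than rejecting bad input, so "12abc" silently becomes 12), a try/catch for the PDOException that ERRMODE_EXCEPTION raises, and a fetch-based empty-result check rather than rowCount(), which is not guaranteed to be meaningful for SELECT statements on every driver. The table and column names follow the page; the rows and the test inputs are constructed.

```php
<?php
// Added example, not from the original question or answer. Uses an in-memory
// SQLite database (assumes pdo_sqlite is installed) with a constructed
// Professor table so it runs offline; the sample rows are made up.
declare(strict_types=1);

function openDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    // Throw PDOException on any driver error instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Professor (pID INTEGER PRIMARY KEY, fname TEXT, lname TEXT)');
    $ins = $pdo->prepare('INSERT INTO Professor (pID, fname, lname) VALUES (?, ?, ?)');
    foreach ([[1, 'Ada', 'Lovelace'], [2, 'Alan', 'Turing']] as $row) {
        $ins->execute($row);  // constructed sample data
    }
    return $pdo;
}

// Validate rather than sanitize: FILTER_SANITIZE_NUMBER_INT strips unwanted
// characters ("12abc" quietly becomes "12"), while FILTER_VALIDATE_INT
// rejects anything that is not a whole integer. Returns null on bad input.
function parsePid(string $raw): ?int {
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Look up one professor. The value is bound as a typed parameter, never
// spliced into the SQL text, so input cannot change the query structure.
function findProfessor(PDO $pdo, int $pid): ?array {
    $sth = $pdo->prepare('SELECT fname, lname FROM Professor WHERE pID = :pid');
    $sth->bindValue(':pid', $pid, PDO::PARAM_INT);
    $sth->execute();
    // Check the fetch result instead of rowCount(): for SELECT statements
    // rowCount() is not guaranteed to be meaningful on every PDO driver.
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

try {
    $pdo = openDb();
    // Constructed inputs: one valid id, one unknown id, and two malformed values.
    foreach (['2', '7', '12abc', '-5'] as $raw) {
        $pid = parsePid($raw);
        if ($pid === null) {
            echo "Rejected input: {$raw}\n";
            continue;
        }
        $row = findProfessor($pdo, $pid);
        echo $row === null ? "No results for {$pid}.\n"
                           : "Found {$row['fname']} {$row['lname']}.\n";
    }
} catch (PDOException $e) {
    // Log the detail for operators; show the user only a generic message.
    error_log($e->getMessage());
    echo "Database error.\n";
}
```

Run it with `php example.php`: the valid id prints the matching row, the unknown id prints "No results", and both malformed values are rejected before any SQL runs. The catch block is what the answer's "you will need to catch these" refers to; without it, a connection or query failure surfaces as an uncaught exception with the DSN and query text in the trace.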
Google certainly can. http://www.google.gr/search?q=php+mysql+select+one+row – Jon 2011-03-25 01:29:17

I'm confused. [You know about normalization](http://stackoverflow.com/questions/5372258/getting-a-database-to-1nf-or-2nf-mysql), but don't remember the basics of a simple `SELECT`? Is there some information we're missing here? – Charles 2011-03-25 01:32:47

Thank you very much, Jon, thank you very much. – Jshee 2011-03-25 01:42:28