如何将用户输入用作sql函数的参数之一?
[英]How do I use a user's input as 1 of the arguments for an sql function?
问题描述
*This is a simplified version of the code 
*这是代码的简化版本
I have a query 我有一个查询
SELECT func('123', x, '789');
where X is dependent on the user's input into a text box; X取决于用户在文本框中的输入;
I tried 我试过了
$result = pg_query($conn, "SELECT func('123', _GET['x'], '789')");
where x is retrieved from 从哪里检索x
<form method="get">
x: <input type="text" name="x"><br/>
<input type="submit">
</form>
however, this doesn't seem to work. 但是,这似乎不起作用。 Also, does the position of the PHP within the html make a difference? 另外,PHP在html中的位置是否有所不同?
Here is the entire code: 这是完整的代码:
<!DOCTYPE html>
<html>
<body>
<?php
$string_connection = "host=localhost port=5432 user=myname dbname=mydb";
$conn = pg_connect($string_connection);
$result = pg_query($conn, "SELECT get_champ('123', $_GET['x'], '789')");
while ($row = pg_fetch_row($result)) {
echo "$row[0]";
echo "<br/>\n";
}
?>
<form method="get">
End Date: <input type="text" name="x"><br/>
<input type="submit">
</form>
</body>
</html>
1 个解决方案
解决方案1
1 已采纳 2014-03-31 07:11:29
Edit 编辑
Use: 采用:
$x = $_GET['x'];
then use ($conn, "SELECT get_champ('123', '$x', '789')") 然后使用($conn, "SELECT get_champ('123', '$x', '789')")
$string_connection = "host=localhost port=5432 user=myname dbname=mydb";
$conn = pg_connect($string_connection);
$x = $_GET['x'];
$result = pg_query($conn, "SELECT get_champ('123', '$x', '789')");
while ($row = pg_fetch_row($result)) {
echo "$row[0]";
echo "<br/>\n";
}
and if it's an int , use $x = (int)$_GET['x']; 如果是int ,则使用$x = (int)$_GET['x'];
Original answer 原始答案
name"x" missing = change to name="x" name"x"丢失=更改为name="x"
also, either use $_GET['x'] or {$_GET['x']} 另外,请使用$_GET['x']或{$_GET['x']}
$result = pg_query($conn, "SELECT func('123',{$_GET['x']}, '789')");
and 和
<form method="get">
x: <input type="text" name="x"><br/>
<input type="submit">
</form>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.