[英]Connecting PHP to MS SQL Server
<?php
$serverName = "(local)"; //serverName
$connectionInfo = array( "Database"=>"DabaseNew", "UID"=>"sa", "PWD"=>"*****");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn==true ) {
echo "Connection established.<br />";
}else{
echo "Connection could not be established.<br />";
die( print_r( sqlsrv_errors(), true));
}
$sql = "SELECT * FROM Dbo.DATABASE COMPANY SERVICES$Employee";
$stmt = sqlsrv_query( $conn, $sql);
if(!$stmt){
die( print_r( sqlsrv_errors(), true));
}
$rows = sqlsrv_has_rows($stmt);
while($obj = sqlsrv_fetch_object( $stmt)){
echo $obj->Description.", ".$obj->lName."<br />";
}
?>
I am trying to connect to php to my sql server using sqlsrv_connect. 我正在尝试使用sqlsrv_connect将php连接到我的sql服务器。 The above code gives me an error below;
上面的代码在下面给了我一个错误;
Output: Connection established. 输出:建立连接。 Array ( [0] => Array ( [0] => 42000 [SQLSTATE] => 42000 [1] => 102 [code] => 102 [2] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near 'SERVICES'. [message] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near 'SERVICES'. ) )
数组([0] =>数组([0] => 42000 [SQLSTATE] => 42000 [1] => 102 [代码] => 102 [2] => [Microsoft] [SQL Server Native Client 11.0] [SQL Server]'SERVICES'附近的语法不正确。[message] => [Microsoft] [SQL Server Native Client 11.0] [SQL Server]'SERVICES'附近的语法不正确。
If there are spaces in the tablename you should run the query like this: $sql = "SELECT * FROM dbo.[DATABASE COMPANY SERVICES]"; 如果表名中有空格,则应这样运行查询:$ sql =“ SELECT * FROM dbo。[数据库公司服务]”; Not sure what you are trying to do with $employee, because php sees it as a variable and tries to paste fill it in there (I think here $employee being NULL).
不确定您要使用$ employee做什么,因为php将其视为变量,然后尝试将其粘贴到其中(我认为$ employee为NULL)。
Try to switch 尝试切换
$sql = "SELECT * FROM Dbo.DATABASE COMPANY SERVICES$Employee";
with 同
$sql = 'SELECT * FROM Dbo.[DATABASE COMPANY SERVICES$Employee]';
Because php thinks $Employee is a variable if you use double quotes. 因为php认为$ Employee是变量,如果您使用双引号。 The [] is used to tell the database that the table name is
DATABASE COMPANY SERVICES$Employee
otherwise the space will indicate the start of another sql command or variable. []用于告诉数据库表名称为
DATABASE COMPANY SERVICES$Employee
否则该空间将指示另一个sql命令或变量的开始。
Try not to use spaces in table names btw, it avoids confusion. 尽量不要在表名btw中使用空格,这样可以避免混淆。
You need to escape the $
character with \\$
, as php treats it as first character ov a variable. 您需要使用
\\$
转义$
字符,因为php将其视为变量的第一个字符。 Try this: 尝试这个:
$sql = "SELECT * FROM Dbo.[DATABASE COMPANY SERVICES\$Employee]";
EDIT: 编辑:
To avoid escapingg you could also use single quotes '
instead of double quotes "
. Then PHP does not resolve variables within the string. ( see this question ) 为了避免转义,您还可以使用单引号
'
而不是双引号"
。然后PHP不会解析字符串中的变量。( 请参阅此问题 )
$sql = 'SELECT * FROM Dbo.[DATABASE COMPANY SERVICES$Employee]';
2nd EDIT: 第二次编辑:
To concatenate two strings use .
要连接两个字符串,请使用
.
operator like this: 像这样的运算符:
$foo = "Hello ";
$bar = $foo."world!"; // gives "Hello world!"
As you can read within the answer linked within the first edit "
double quotes resolve variables inbetween, while '
single quotes don't. your possible solution could be like this: 正如你可以第一个编辑中联合答案中读出
"
双引号解决其间的变数,而'
单引号不要你可能的解决办法是这样的:
$query = 'SELECT [First Name] AS firstName, [Last Name] AS lastName
FROM Dbo.[DATABASE COMPANY SERVICES$Employee]
WHERE [Employee Number] = 15 OR [E-Mail] = \''.mssql_escape($mail).'\'';
But you should NEVER directly send a GET parameter top your sql server. 但是,您永远不要直接在SQL Server顶部直接发送GET参数。 Anybody could infiltrate your database or even delete it.
任何人都可以渗透您的数据库,甚至删除它。 Therefore you should add a escape function like this one or consider using another db-library like PDO and build parameterized queries.
因此,您应该添加一个像这样的转义函数,或者考虑使用另一个数据库库(例如PDO)并构建参数化查询。 It might me sufficient to escape single quotes within the variable with another single quote like this:
我可能足以用另一个单引号将变量内的单引号转义,如下所示:
function mssql_escape($str) {
return str_replace("'", "''", $str);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.