在Heroku上使用php访问clearDB数据库时查询错误
[英]query error when access clearDB database using php on Heroku
问题描述
I can access clearDB database well by using Mysql Workbench. 
我可以使用Mysql Workbench很好地访问clearDB数据库。
But when I query database by using php on Heroku, it always fail. 但是当我在Heroku上使用php查询数据库时,它总是失败。
This is my code: 这是我的代码:
$url=parse_url(getenv("CLEARDB_DATABASE_URL"));
$dbhost = $url["host"];
$dbuser = $url["user"];
$dbpass = $url["pass"];
$dbname = substr($url["path"],1);
mysqli_connect($dbhost, $dbuser, $dbpass);
mysqli_select_db($dbname);
$sql = "SELECT * FROM `user_info` WHERE `user_account`='".$user_account."'";
$result = mysqli_query($sql) or die('MySQL query error');
user_account is a table in the database, $user_account is a input variable from client user user_account是数据库中的表,$ user_account是来自客户端用户的输入变量
help me thanks 帮帮我谢谢
1 个解决方案
解决方案1
0 已采纳 2014-12-05 14:48:34
You're not passing the link to mysqli_query() . 您没有将链接传递给mysqli_query() 。 You need to either do that, or use the object oriented style and call query() on the connection. 您需要这样做,或者使用面向对象的样式并在连接上调用query() 。
You also have a possible SQL injection there, because $user_account could contain " foo' OR 1 OR ' ", returning all rows (and that's just a simple, not very evil case), so you should escape that using mysqli_real_escape_string() , or even better, use prepared statements. 您还可能在其中进行SQL注入,因为$user_account可能包含“ foo' OR 1 OR ' ,并返回所有行(这只是一个简单的例子,不是很邪恶的情况),因此您应该使用mysqli_real_escape_string()进行mysqli_real_escape_string() ,或者更好的是,使用准备好的语句。
Finally, instead of or die() , how about extracting error information properly, or even configuring mysqli to throw exceptions? 最后,代替or die() ,如何正确提取错误信息,甚至配置mysqli引发异常呢?
<?php
$url = parse_url(getenv("CLEARDB_DATABASE_URL"));
$server = $url["host"];
$username = $url["user"];
$password = $url["pass"];
$db = substr($url["path"], 1);
$conn = new mysqli($server, $username, $password, $db);
$sql = "SELECT * FROM `user_info` WHERE `user_account`='".$conn->real_escape_string($user_account)."'";
if($result = $conn->query($sql)) {
foreach($result as $row) {
// ...
}
} else {
throw new Exception($conn->error);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.