[英]php mysql assigning variables to column data
I'm trying to assign MySQL column data to php variables so I can then send via email. 我正在尝试将MySQL列数据分配给php变量,以便随后可以通过电子邮件发送。 It runs a query looking for a matching phone number in database and then returns the row/column data. 它运行查询以在数据库中查找匹配的电话号码,然后返回行/列数据。 Some of the variables are being brought in via a text message to this php script in case you're wondering why they are not in the mysql stuff. 如果您想知道为什么它们不在mysql内容中,则一些变量通过文本消息被引入到该php脚本中。 I'm getting an error at the while statement when I run in browser but I have a feeling my SELECT statement isn't right. 在浏览器中运行时,while语句出现错误,但我感觉我的SELECT语句不正确。 Thanks! 谢谢!
<?php
session_start();
//$to_number_back = $_GET['to_number'];
$to_number_back = "+15551212";
$dcsrep = array();
$name = array();
$date = array();
$amount = array();
$digits = array();
$details = array();
//include_once("scripts/connect_to_mysql.php");
$servername = "****";
$username = "****";
$password = "****";
$dbname = "****";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare('SELECT dcsrep, name, date, amount, digits, details FROM ***uth WHERE to_number = ?');
$stmt->bind_param('s', $to_number_back);
$result = $stmt->execute();
$stmt->store_result();
while($row = $result->fetch_assoc()) {
$dcsrep[] = $row['dcsrep'];
$name[] = $row['name'];
$date[] = $row['date'];
$amount[] = $row['amount'];
$digits[] = $row['digits'];
$details[] = $row['details'];
}
if($stmt->num_rows > 0){
echo "Records received";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
$from_number = $_GET['from_number'];
$message = $_GET['message'];
$to = "***@global.net";
$from = "admin@d***.com";
$subject = " Payment Authorization";
//// start email body ////
$message1 = "
From: $from_number
To: $to_number
Message:
$dcsrep
$name
$date
$amount
$digits
$details
$message
";
//// Set das headers eh ////
$headers = 'MIME-Version: 1.0' . "rn";
$headers .= "Content-type: textrn";
$headers .= "From: $fromrn";
/// Okay, you send now!
mail($to, $subject, $message1, $headers, '-f admin**ect.com');
echo "it worked";
?>
You've got a hodgeposh of mysql, mysqli, procedural and object oriented functions you're using here, you need to standardize. 您在这里使用的是mysql,mysqli,面向过程和面向对象的函数,需要进行标准化。
First, let's change $conn
to instantiate an instance of a mysqli connection
and return an object. 首先,让我们更改$conn
以实例化mysqli connection
的实例并返回一个对象。
$conn = new mysqli($servername, $username, $password, $dbname);
Then do your checks: 然后进行检查:
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
Now, you're going to be accepting user input data, so don't directly inject that into the string, instead take advantage of prepared statements
. 现在,您将要接受用户输入的数据,所以不要直接将其输入到字符串中,而要利用prepared statements
。 Furthermore, your number is actually a string and not an integer. 此外,您的数字实际上是一个字符串,而不是整数。 However, our prepared statement and bind_param calls will handle that 但是,我们准备好的语句和bind_param调用将处理该问题
$stmt = $conn->prepare('select dcsrep, name, date, amount, digits, details from ****uth where to_number = ?');
Now the ?
现在?
is a placeholder, let's bind our data safely to it. 是一个占位符,让我们将数据安全地绑定到它。
$stmt->bind_param('s', $to_number_back);
^--- treat it as a string
Great. 大。 Now it's safely sanitized. 现在已安全消毒。 Let's execute the statement now and walk over our returned results. 现在执行语句,遍历返回的结果。
$result = $stmt->execute();
while($row = $result->fetch_assoc()){
$dcsrep[] = $row['dcsrep'];
$name[] = $row['name'];
$date[] = $row['date'];
$amount[] = $row['amount'];
$digits[] = $row['digits'];
$details[] = $row['details'];
}
Now you can proceed as you intend. 现在,您可以按预期进行。
Edit 编辑
You should also not worry about $conn->query($sql) === TRUE
. 您也不必担心$conn->query($sql) === TRUE
。 Instead, you should store the request and then evaluate the number of rows returned. 相反,您应该存储请求,然后评估返回的行数。
You will need to store the result directly after calling ->execute();
调用->execute();
之后,您将需要直接存储结果->execute();
$result = $stmt->execute();
$stmt->store_result();
Now you can check the num rows instead of if the query was true. 现在,您可以检查num行,而不是查询是否为真。
if($stmt->num_rows > 0){
//do your stuff, query found results.
} else {
//die out
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.