PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Sorry, I am getting these errors in my error logs:
PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1' in /home/payassur/public_html/admin/index.php:13
Stack trace:
#0 /home/payassur/public_html/admin/index.php(13): PDO->query('SELECT * FROM u...')
#1 {main}
thrown in /home/payassur/public_html/admin/index.php on line 13
Below is line 13:
$query = $db->query("SELECT * FROM users WHERE id = $u_id");
Your query is open to SQL injection; people have figured this out and thus are trying to inject the database. That is why you are having those errors in your error log. You should start using prepared statements to prevent SQL injections.
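// Only query when an id was actually supplied
if (isset($u_id) && trim($u_id) != '') {
    $stmt = $db->prepare('SELECT * FROM users WHERE id = :u_id');
    // The value is bound as data, never parsed as SQL
    $stmt->execute(array('u_id' => $u_id));
    $results = $stmt->fetchAll();
} else {
    $results = [];
}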
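An added example, not part of the original question or answer: it runs the concatenated query from line 13 and a prepared version against the same constructed inputs, including the empty id that is consistent with the logged "near ''" syntax error. Assumptions: an in-memory SQLite database stands in for the MySQL server, and findUserConcat and findUserPrepared are hypothetical helper names.

```php
<?php
// Constructed sample data; in-memory SQLite stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// The pattern from line 13 of index.php: input concatenated into the SQL text.
function findUserConcat(PDO $db, $u_id): array
{
    return $db->query("SELECT * FROM users WHERE id = $u_id")->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical hardened helper: validate the id, then bind it as a typed parameter.
function findUserPrepared(PDO $db, $u_id): array
{
    $id = filter_var($u_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // empty, non-numeric or tampered ids never reach the database
    }
    $stmt = $db->prepare('SELECT * FROM users WHERE id = :u_id');
    $stmt->bindValue(':u_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid id, an empty id, and a tampered id.
foreach (['2', '', '1 OR 1=1'] as $input) {
    try {
        $concat = count(findUserConcat($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // Same failure class as the fatal error in the log: the SQL text itself is malformed.
        $concat = 'PDOException';
    }
    $prepared = count(findUserPrepared($db, $input)) . ' row(s)';
    printf("%-12s concat: %-13s prepared: %s\n", var_export($input, true), $concat, $prepared);
}
```

With the concatenated query, the empty id raises a PDOException and the tampered id returns every row; the prepared version returns one row for the valid id and none for the other two.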