[英]Store a value in variable from Postgres SQL query in PHP
I have a variable from input:我有一个来自输入的变量:
$local1 = $_REQUEST['local1'];
I have tried this:我试过这个:
$latitude1 = pg_query($db, "SELECT latitude FROM local_publico WHERE nome=$local1;");
val1 = pg_fetch_result($latitude1, 0, 0);
Being that the query returns aa row with a single column.因为查询返回一个单列的行。 However, whenever I try to use the variable $val1
, it doesn't work, even a simple echo()
.但是,每当我尝试使用变量$val1
,它都不起作用,即使是简单的echo()
。
New to SQL, I appreciate any kind of help! SQL 新手,我感谢任何帮助!
This should work:这应该有效:
$local1 = $_REQUEST['local1'];
$latitude1 = pg_query($db, "SELECT latitude FROM local_publico WHERE nome=$local1;");
$val1 = pg_fetch_result($latitude1);
However, the above code is susceptible to SQL Injection.但是,上面的代码容易受到 SQL 注入的影响。 You should do something like this instead:你应该做这样的事情:
$local1 = $_REQUEST['local1'];
$result = pg_prepare($db, 'my_query', 'SELECT latitude FROM local_publico WHERE nome = $1');
$result = pg_execute($db, 'my_query', [$local1]);
$val1 = pg_fetch_result($result);
You can read more about SQL Injections here .您可以在此处阅读有关 SQL 注入的更多信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.