Ive been studying "the missing manual" by brett m. Its out of date. I.ve been replacing mysql func. Thats not the problem. I run an if statement to match a sql command using preg match. Before the if I set a var to true. If preg match returns a match, var is then changed to false. If does not run. Script executes to mysqli_fetch. Please help.
$return_rows=true;
If(preg_match("/^\s*(CREATE|INSERT|UPDATE|DELETE|DROP)/i", $query_text))
{
$return_rows=false;
}
If($return_rows)
{
While($row=mysqli_fetch_row($result)){ echo $row[0]; }
}
else{ echo "query processed"; }
mysqli_close($u);
Just cover the SELECT
query. cause SELECT
is the main query of requesting data from database.
if( strtolower( substr( trim( $query_str ) ) , 0, 6) == "select"){
// SELECT query is being requested
while($row=mysqli_fetch_row($result)){ echo $row[0]; }
else{ echo "query processed"; }
mysqli_close($u);
Now, you can continue your works without any problems
Instead of using an if
to only update your $return_rows
in one of the cases, assign the regex match result directly:
$return_rows = !preg_match("/^\s*(CREATE|INSERT|UPDATE|DELETE|DROP)/i", $query_text);
The !
here is a negation. You might want to use a more appropriate variable name instead.
Then use your if
check to fetch rows, or print a message else:
if ($return_rows) {
// fetch rows
}
else {
// no fetching
}
Also consider using PDO instead of mysqli. It's way less circuitous with parameter binding.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.