I've wrote this function to read from my MySQL database. This works in most cases, but if it comes to a row with umlauts or characters like "" it returns "0 results".
function leseAntwort($FrageID, $AntwortID){
$sql = "SELECT antwort_text FROM antwort WHERE frage_id=$FrageID AND id=$AntwortID";
$result = connect()->query($sql);
if ($result->num_rows > 0) {
$antwort = $result->fetch_row();
connect()->close();
return $antwort[0];
} else {
connect()->close();
return "0 results";
}
}
[UPDATE]
I tried this, but there is no difference between the results.
function leseAntwort($FrageID, $AntwortID){
$frage=$FrageID;
$antwort=$AntwortID;
global $mysqli;
if ($stmt = $mysqli->prepare("SELECT antwort_text FROM antwort WHERE frage_id=? AND id=?")){
$stmt->bind_param("ii", $frage, $antwort);
$stmt->execute();
$stmt->bind_result($d);
$stmt->fetch();
return $d;
$stmt->close();
$mysqli->close();
} else {
echo "Error";
}
}
you have an SQL Injection in your SQL Statement. PLZ use Prepared Statements http://php.net/manual/de/mysqli.quickstart.prepared-statements.php After that you can use utf-8 Chars in your Params.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.