[英]Issue converting mySQLi SELECT query to PDO with prepared statements
如何在PDO中使用需要POST请求输入的准备好的语句在PDO中重写以下简单的SELECT
mySQL PHP脚本,然后使用PDO重写。
<?php
// Create connection
$con=mysqli_connect("localhost","username","password","dbname");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$FieldInput = $_POST['FieldInput'];
$return = ['error' => false];
$sql = "SELECT Field1, Field2
from Table1 WHERE (Field3 = '$FieldInput')";
$result = mysqli_query($con, $sql);
if($result && $result->num_rows > 0){
$return['error'] = true;
}
mysqli_close($con);
echo json_encode($return);
?>
PDO中的输出必须遵循相同的原理
{"error":true}
如果找到记录并
{"error":false}
如果找不到记录。
到目前为止,这是我尝试过的:
我认为WHERE子句的语法不正确,因为POST的输入永远不会到达查询
<?php
$mysqli = new mysqli("server", "username", "password", "database_name");
// TODO - Check that connection was successful.
$unsafe_variable = $_POST["user-input"];
$stmt = $mysqli->prepare("SELECT Field1, Field2 from Table1 WHERE ( Field3 = ? ) );
// TODO check that $stmt creation succeeded
// "s" means the database expects a string
$stmt->bind_param("s", $unsafe_variable);
$stmt->execute();
$stmt->close();
$mysqli->close();
?>
这就是你想要的
<?php
// Create connection
$con=mysqli_connect("localhost","username","password","dbname");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$return = ['error' => false];
$query = 'SELECT Field1, Field2
from Table1 WHERE (Field3 =?)';
$stmt = $con->prepare($query);
$stmt->bind_param("s", $fieldinput);
$fieldinput = $_POST['FieldInput'];
if ($stmt->execute()) {
if ($stmt->rowCount() > 0) {
$return['error'] = true;
}
}
$stmt->close();
mysqli_close($con);
echo json_encode($return);
?>
万一你需要所有行的东西
while ($row = $stmt->fetch()) {
print_r($row);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.