如何從php頁面傳遞參數值

Question

DELIMITER $$

DROP PROCEDURE IF EXISTS `users` $$
CREATE DEFINER=`root`@`localhost` PROCEDURE `users`(in id int(25))
BEGIN

    declare empcode varchar(25);

    set empcode=(select emp_code from transaction_user_register where t_reg_id=id);

    delete from transaction_user_register where t_reg_id=id and emp_code=empcode;

    update user_register set active='2' where reg_id=id and emp_code=empcode;


END $$

DELIMITER ;

如何從PHP頁面傳遞ID。...

我從php頁面調用程序
我不知道如何傳遞參數值...

我寫的頁面像

<? require_once"db.php";
echo $id = $_REQUEST['t_reg_id'];

$connt = mysql_connect($server1, $user1, $pass1, $dbname1) or die ("__construct() Function Problem => ". mysqli_error());
$resr= mysql_query($connt,"CALL users('$id')"); 
mysql_close($connt);




echo "Cron Job Run Succesfully........";

?>

Answer 1

由於您使用的是mysqli使用准備好的語句，而不是插補查詢字符串，這使您的代碼可廣泛用於sql注入。

話雖這么說，您的代碼可能看起來像

<?php
require_once('db.php');
$id = $_REQUEST['t_reg_id'];

$db = new mysqli($server1, $user1, $pass1, $dbname1);
if (!$db) {
    die('Could not connect: ' . $db->connect_error);
}
$stmt = $db->prepare('CALL users(?)');
if (!$stmt) {
    die('Prepare failed: ' . $db->error); 
}
$stmt->bind_param('i', $id); // that's assuming id is an integer value
if(!$stmt->execute()) {
    die('Execute failed: ' . $db->error);
}
$stmt->close()
$db->close();

...