![](/img/trans.png)
[英]If the result of a select query is empty (no rows) what does the variable hold?
[英]Select returns empty result when injecting a variable in the query string
我嘗試以下PHP代碼:
$db = mysql_connect('localhost', 'root','');
mysql_select_db('mydatabase',$db);
$sql = 'SELECT id from user where name = \''.$my_name.'\'';
//$sql = 'SELECT id from user where name=\'Some Name \'';
echo $sql.'<br>';
$req= mysql_query($sql) or die('Erreur SQL !<br>'.$sql.'<br>'.mysql_error());
$data = mysql_fetch_assoc($req);
mysql_close();
if($data) {
echo 'id from database= '.$data['id'].'<br>';
$id = $data['id'];
}
但是它永遠不會輸入if($data)
語句。 如您所見,我嘗試打印sql請求; 如果我將其復制粘貼到mysql數據庫中,它將返回預期的ID。
請注意,變量$ my_name不為空,並且具有正確的數據。 更奇怪的是,如果我取消注釋:
//$sql = 'SELECT id from user where name=\'Some Name \'';
它有效,並且$my_name
的數據為“ Some Name” ...
我在我的代碼中提出了其他要求,除此要求外,其他要求均正常。
最后注:該變量來自extern python腳本:
$command = escapeshellcmd('python /var/my_script.py '.$id_for python);
$my_name = shell_exec($command);
echo htmlspecialchars($my_name).'<br>';
因此,從python腳本返回的數據和在mysql請求中使用它之間似乎有些不合時宜...
實際上,這應該是python腳本的問題。 我什至不能從python的數據庫中插入數據:
import operator
import sys
import MySQLdb
from BeautifulSoup import BeautifulSoup, Comment, BeautifulStoneSoup
bugs = ""
username = "username";
password = "passwd#";
display = Display(visible=0, size = (800, 600))
display.start()
driver=webdriver.Chrome()
driver.get('somesite')
driver.find_element_by_name('ctl00$contextHolder$Login_name').send_keys(username)
driver.find_element_by_name('ctl00$contextHolder$Login_password').send_keys(password)
driver.find_element_by_name('ctl00$contextHolder$LoginButton').click()
display = Display(visible=0, size = (800, 600))
display.start()
driver=webdriver.Chrome()
driver.get('somesite')
driver.find_element_by_name('ctl00$contextHolder$Login_name').send_keys(username)
driver.find_element_by_name('ctl00$contextHolder$Login_password').send_keys(password)
driver.find_element_by_name('ctl00$contextHolder$LoginButton').click()
try:
driver.get('https://somesite/SearchTicketPr.aspx')
driver.find_element_by_name('ctl00$MainContent$SearchTickets$TB_TicketId').send_keys(sys.argv[1])
driver.find_element_by_name('ctl00$MainContent$SearchTickets$B_Search').click()
soup = driver.find_element_by_xpath("//*").get_attribute("outerHTML")
reporter = soup.split('ctl00_MainContent_DG_TicketList_ctl03_L_EscalationFlg">')[1].split('</td><td>')[4]
# We need to insert the reporter and mantis id directly in database
#For Linux, this is a casual package (python-mysqldb). (You can use sudo apt-get install python-mysqldb in command line to download.)
db = MySQLdb.connect(host="localhost", # your host, usually localhost
user="root", # your username
passwd="", # your password
db="myDB") # name of the data base
# you must create a Cursor object. It will let
# you execute all the queries you need
cur = db.cursor()
sql_req= "INSERT INTO ticket (number, username) VALUES ('" + sys.argv[1] + "', '" + reporter + "')"
print sql_req
# Use all the SQL you like
cur.execute(sql_req)
print reporter
<pre> <code>
except:
driver.quit()
display.stop()
raise
這樣可以正確打印報告的變量,打印的sql請求也可以很好地打印。 沒有錯誤信息,但是數據沒有插入數據庫中。
編碼可能有問題嗎?
嘗試這個 :
...
$sql = "SELECT id from user where name = '".$my_name."'";
...
如果第一行由於$my_name
var包含非法字符或類似內容而給您錯誤,則應在與sql請求一起發送之前驗證它。
那是因為您的查詢是錯誤的,請更改此:
$sql = 'SELECT id from user where name = \''.$my_name.'\'';
至:
$sql = "SELECT id from user where name = '$my_name'";
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.