問(wèn)題描述
我有一個(gè)網(wǎng)站可以輕松生成 ProFTPD 用戶.現(xiàn)在,我正在保護(hù)我的網(wǎng)站免受 sql 注入攻擊,為此,我將所有 mysqli 查詢更改為帶有準(zhǔn)備好的語(yǔ)句的 pdo 查詢.
但是我還是沒(méi)弄明白,如何將sql查詢結(jié)果保存在變量中.
<預(yù)><代碼>...用戶名=$_POST['用戶名'];...$pdo = new PDO('mysql:host=localhost;dbname='db', 'root', 'PW');$query1= $pdo->prepare('select * from users where userid=:username');$query1->execute(array('username' => $username));foreach($query1 作為 $row){$result= $row->userid;}if($result == $username){echo "用戶名已被占用";}當(dāng)我運(yùn)行這段代碼時(shí),變量 $result 是 emtpy.
我希望有人能幫助我.
提前致謝.
你應(yīng)該使用 PDOStatement::fetch http://php.net/manual/en/pdostatement.fetch.php
I have a website to easily generate ProFTPD users. And now, I am securing my website against sql injection attacks, to do that I am changing all mysqli queries to pdo queries with prepared statements.
But I still couldn't find out, how to save sql query results in variable.
.
.
.
username=$_POST['username'];
.
.
.
$pdo = new PDO('mysql:host=localhost;dbname='db', 'root', 'PW');
$query1= $pdo->prepare('select * from users where userid=:username');
$query1->execute(array('username' => $username));
foreach($query1 as $row)
{
$result= $row->userid;
}
if($result == $username)
{
echo "Username is already taken";
}
When I run this code, the variable $result is emtpy.
I hope somebody could help me.
Thanks in advance.
You should use PDOStatement::fetch http://php.net/manual/en/pdostatement.fetch.php
這篇關(guān)于Php mysql pdo 查詢:用查詢結(jié)果填充變量的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!