doubairan4213 2015-07-19 18:13
浏览 44
已采纳

无法使用PDO连接到MySQL服务器[重复]

This question already has an answer here:

I'm trying to prevent SQL injection using PDO, but I can't seem to connect. This is the working version - not SQL injection safe:

<html>
    <head>
    <title>Insert data into database</title>
    </head>
    <body>
    <?php


    session_start();
    $_SESSION['name'] = $_POST['name'];

    // Connect to database server
    mysql_connect("localhost", "********", "********") or die(mysql_error());

    // Select database
    mysql_select_db("mydatabase") or die(mysql_error());

    // The SQL statement is built

    $strSQL = "INSERT INTO mytable(name) VALUES('" . $_POST["name"] . "')";

    // The SQL statement is executed 
    mysql_query($strSQL) or die (mysql_error());



    // Close the database connection
    mysql_close();

    echo "Your name is " . $_POST["name"] ; 

    ?>

    </body>
    </html>

This is working just fine. I read these pages on how to use PDO to protect against SQL injection attacks:

http://www.w3schools.com/php/php_mysql_connect.asp

http://www.w3schools.com/sql/sql_injection.asp

and wrote the following code following the guideline:

<html>
    <head>
    <title>Insert data into database</title>
    </head>
    <body>
    <?php


    session_start();
    $_SESSION['name'] = $_POST['name'];

    $servername = "localhost";
    $username = "********";
    $password = "********";

    try {
        $conn = new PDO("mysql:host=$servername, dbname=mydatabase", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected successfully";
        }
    catch(PDOException $e)
        {
        echo "Connection failed: " . $e->getMessage();
        }

    echo "You have connected to the database server with PDO"

    // The SQL statement is built
    $stmt = $dbh->prepare("INSERT INTO mytable (name)
    VALUES (:name)");
    $stmt->bindParam(':name', $_POST['name']);
    $stmt->execute();


    // Close the database connection
    mysql_close();

    echo "Your name is " . $_POST["name"] ; 

    ?>

    </body>
    </html>

But this code just gives me a blank page - no error message and nothing inserted into the database.

I also tried doing the connection as described in

http://www.stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

but the result was the same - a blank page without error messages.

What am I doing wrong?

</div>
  • 写回答

1条回答 默认 最新

  • dongzhuo3376 2015-07-19 18:19
    关注

    You're using the wrong variable for $stmt = $dbh->prepare

    which should be $conn and not $dbh as per your connection.

    Having used error reporting, would have signabled an undefined variable dbh notice/warning.

    You also can't use mysql_close(); with PDO as you are mixing APIs, which you can't do.

    See Example #3 Closing a connection of "Connections and Connection" in the manual http://php.net/manual/en/pdo.connections.php

    Another thing session_start(); is best to be above anything. You may be outputting before header.

    Edit: You forgot a semi-colon in this line:

    echo "You have connected to the database server with PDO"
    

    which should read as

    echo "You have connected to the database server with PDO";
    

    which will break your code.

    Error reporting would also have caught that syntax/parse error.

    Add error reporting to the top of your file(s) which will help find errors.

    <?php 
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    
    // rest of your code
    

    Sidenote: Error reporting should only be done in staging, and never production.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 模拟电路 logisim
  • ¥15 PVE8.2.7无法成功使用a5000的vGPU,什么原因
  • ¥15 is not in the mmseg::model registry。报错,模型注册表找不到自定义模块。
  • ¥15 安装quartus II18.1时弹出此error,怎么解决?
  • ¥15 keil官网下载psn序列号在哪
  • ¥15 想用adb命令做一个通话软件,播放录音
  • ¥30 Pytorch深度学习服务器跑不通问题解决?
  • ¥15 部分客户订单定位有误的问题
  • ¥15 如何在maya程序中利用python编写领子和褶裥的模型的方法
  • ¥15 Bug traq 数据包 大概什么价