dongxikuo5171 2017-12-27 06:34

How to achieve this using a PDO prepare statement

In mysqli server I use the code below to select the column specified by the URL code:

       include "init.php";

       // Table name is taken straight from the URL
       $get = $_GET["action"];

       $sql = mysqli_query($conn, "SELECT * FROM $get ORDER BY id DESC LIMIT 6");
       $productCount = mysqli_num_rows($sql); // count the output amount

       if ($productCount > 0)
       {
           while ($row = mysqli_fetch_array($sql)) {
               $id = $row["id"];
               $jjode = $row["code"];
               $product_name = $row["network"];
               $details = $row["details"];
               $logo = $row["logo"];
               $price = $row["price"];
           }
       }

I tried using it in my PDO server with code like this:

       include "init.php";

       $get = $_GET["action"];

       $sql = $conn->prepare("SELECT id,code,network,details,logo,price FROM $get ORDER BY id DESC LIMIT 6");
       $sql->execute();

       $row = $sql->fetchAll();
       if (count($row) > 0)
       {
           $id = $row["id"];
           $jjode = $row["code"];
           $product_name = $row["network"];
           $details = $row["details"];
           $logo = $row["logo"];
           $price = $row["price"];
       }

But it did not output a better result. Please, how do I achieve that using PDO? Thanks in advance.


1 answer

  • dongni9825 2017-12-27 06:42

    Both code listings are not safe. Use a whitelist for $get.

    You should loop over the result of fetchAll:

    $rows = $sql->fetchAll();
    foreach ($rows as $row)
    {
        $id = $row["id"];
        $jjode = $row["code"];
        $product_name = $row["network"];
        $details = $row["details"];
        $logo = $row["logo"];
        $price = $row["price"];
    }
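
The whitelist and the `fetchAll` loop from the answer above, combined into one script, as an added example that is not part of the original post. The table names `phones` and `tablets`, the helper functions and the in-memory SQLite database (used in place of the page's MySQL connection so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical table names: the page does not say which tables "action" may select.
const ALLOWED_TABLES = ['phones', 'tablets'];

// Identifiers cannot be bound as parameters, so only a name taken from our
// own list (never the raw request string) is placed into the SQL text.
function resolveTable(?string $action): ?string
{
    $i = array_search($action, ALLOWED_TABLES, true);
    return $i === false ? null : ALLOWED_TABLES[$i];
}

function latestProducts(PDO $conn, ?string $action, int $limit = 6): ?array
{
    $table = resolveTable($action);
    if ($table === null) {
        return null; // not on the list: no query is built at all
    }
    $sql = $conn->prepare(
        "SELECT id, code, network, details, logo, price
           FROM $table ORDER BY id DESC LIMIT :lim"
    );
    $sql->bindValue(':lim', $limit, PDO::PARAM_INT); // values are bound, not interpolated
    $sql->execute();
    return $sql->fetchAll(PDO::FETCH_ASSOC); // array of rows, not a single row
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite is loaded).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE phones (id INTEGER PRIMARY KEY, code TEXT, network TEXT,
                                  details TEXT, logo TEXT, price REAL)');
$conn->exec("INSERT INTO phones (code, network, details, logo, price) VALUES
             ('P1', 'NetA', 'first', 'a.png', 10.5), ('P2', 'NetB', 'second', 'b.png', 20.5)");

// In the page's code $action would be $_GET["action"]; these values are constructed.
foreach (['phones', 'users', null] as $action) {
    $rows = latestProducts($conn, $action);
    if ($rows === null) {
        echo 'rejected: ' . var_export($action, true) . PHP_EOL;
        continue;
    }
    foreach ($rows as $row) { // loop over fetchAll(), as the answer says
        echo "{$row['id']} {$row['code']} {$row['network']} {$row['price']}" . PHP_EOL;
    }
}
```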
    