当我运行代码和 var 转储结果时,它给出 bool false。我打字时犯了一个错误,在右侧数字键盘上按住了shift和0,它回响了http://sales/form2.php在输入框中。我将其间隔开并输入了正确的信息,它按预期工作。我不知道是代码还是我的系统Ubuntu 18.10
<?php
/*include ('includes/validation.php');*/
include ('includes/validationmysql.php');
/*$dbh = new PDO("pgsql:host=$host;dbname=$dbname", $dbuser, $dbpass);*/
$dbh = new PDO('mysql:host=localhost;dbname=sales', $dbuser, $dbpass);
if(!$dbh) {
echo "Error : Unable to open database\n";
} else {
echo "Opened database successfully\n";
}
if(isset($_POST["custID"])){
$custID=$_POST["custID"];
$sql = $dbh->prepare("SELECT CustFirstName, CustLastName, CustAddress, CustCity, CustState, CustZip, CustCellPhone
FROM customers WHERE custID = '".$custID."'");
$sql->execute();
$result = $sql->fetch(PDO::FETCH_ASSOC);
var_dump($custID);
var_dump($result);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Form</title>
</head>
<body>
<h1>Figure It Out</h1>
<form action="" method="post">
<p>CustomerID <input type="text" name="custID" value="<?php echo $custID; ?> " size="5"><input type="submit" name="submit" value="submit"></p>
<textarea>
<?php
echo $result['CustFirstName']. ' ' . $result['CustLastName']. "\n";
echo $result['CustAddress']. "\n";
echo $result['CustCity']. ' ' . $result['CustState']. ' ' . $result['Custzip']. "\n";
echo $result['CustCellPhone'];
?>
</textarea>
</form>
</body>
</html>
最佳答案
您很容易受到 SQL 注入(inject)攻击,因为您未正确使用准备好的语句。
$sql = $dbh->prepare("SELECT CustFirstName, CustLastName, CustAddress, CustCity, CustState, CustZip, CustCellPhone
FROM customers WHERE custID = '".$custID."'");
$sql->execute();
$result = $sql->fetch(PDO::FETCH_ASSOC);
必须阅读如下:
$sql = $dbh->prepare("SELECT CustFirstName, CustLastName, CustAddress, CustCity, CustState, CustZip, CustCellPhone
FROM customers WHERE custID = ? ");
$sql->execute([$custID]);
$result = $sql->fetch(PDO::FETCH_ASSOC);
关于PHP PDO 返回 bool false 排序,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55431779/