简单地,从 mysqli 中的路径搜索和影响图像,就像这样正确工作:
<?php
$DBServer = 'localhost'; // e.g 'localhost' or '192.168.1.100'
$DBUser = 'root';
$DBPass = '';
$DBName = 'water';
$conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName);
// check connection
if ($conn->connect_error) {
trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
}
$image = $GET['image'];
$sql = " SELECT kiti FROM `database` WHERE value LIKE '%$image%' ";
if(!$result = $conn->query($sql)){
die('There was an error running the query [' . $conn->error . ']');
}
$file_path = 'photos/';
while($row = $result->fetch_assoc()){
$src=$file_path.'/'.$row["key"];
echo '<img class="myimg" src="'.$src.'" alt="There ya go" width="100" height="100" />';
}
$conn->close();
?>
但是由于担心sql注入(inject),像准备好的语句一样创建了它,但它没有获取图像,请帮助:
<?php
$DBServer = 'localhost'; // e.g 'localhost' or '192.168.1.100'
$DBUser = 'root';
$DBPass = '';
$DBName = 'water';
$conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName);
// check connection
if ($conn->connect_error) {
trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
}
$image = $GET['image'];
if ($stmt = $conn->prepare("SELECT kiti FROM `database` WHERE value=?")) {
// Bind a variable to the parameter as a string.
$stmt->bind_param("s", $image);
// Execute the statement.
$stmt->execute();
$stmt->bind_result($key);
// Fetch the data.
$stmt->fetch();
$result = $stmt->get_result();
$file_path = 'photos/';
if ($stmt->num_rows >= "1") {
while($row = $result->fetch_assoc()){
$src=$file_path.'/'.$row["key"];
echo '<img class="myimg" src="'.$src.'" alt="There ya go" width="100" height="100" />';
}
}else{
echo "0 records found";
}
// Close the prepared statement.
$stmt->close();
$conn->close();
}
}
?>
我尝试了很多,阅读了更多似乎没有错误但无法指出的帖子。
最佳答案
您应该添加更多错误处理。每个方法调用都可能失败,您的脚本应该对这种情况使用react。
例如。没有 else 分支
if ($stmt = $conn->prepare("SELECT key FROM `database` WHERE value=?")) {
所以,如果准备失败你永远不会知道。我的建议是(默认情况下)首先执行失败分支。
$stmt = $conn->prepare("SELECT key FROM `database` WHERE value=?")
if (!$stmt) {
someErrorHandlingHere();
}
else if ( !$stmt->bind_param("s", $image) ) {
someErrorHandlingHere();
}
else if ( !$stmt->execute() ) {
someErrorHandlingHere();
}
else if ( !$stmt->bind_result($key) ) {
someErrorHandlingHere();
}
else ...
我想知道你的“原始”代码如何工作,因为key
是mysql中的保留字/关键字,请参阅https://dev.mysql.com/doc/refman/5.5/en/keywords.html
关于php - Mysqli准备语句图像获取错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31827618/