我有一个简单的 PHP/MySQL 精神药物数据库网站。一切工作正常,直到用户在搜索字符串中的任意位置添加单引号。我收到此错误:
Fatal error: Uncaught Error: Call to a member function fetch() on boolean in /home/psychoph/public_html/connection.php:76 Stack trace: #0 /home/psychoph/public_html/index.php(70): include() #1 {main} thrown in /home/psychoph/public_html/connection.php on line 76
我试过这个:$generic = $dbc->real_escape_string($generic);
无济于事( $generic
是分配给用户输入的变量)...我收到此错误:
Fatal error: Uncaught Error: Call to undefined method PDO::real_escape_string() in /home/psychoph/public_html/connection.php:12 Stack trace: #0 /home/psychoph/public_html/index.php(70): include() #1 {main} thrown in /home/psychoph/public_html/connection.php on line 12
任何指导将不胜感激。我真的只需要从用户输入中删除单引号,但不知道如何操作。
这是connection.php的代码:
<?php
$dbc = new PDO(
"mysql:host=173.236.101.74;dbname=psychoph_psychopharm",
'psychoph_knasky',
'#######');
try {
$results = $dbc->query("
SELECT *
FROM drugs
WHERE generic = '$generic'
OR brand = '$generic'
"); // this method call returns the query results and places it into $results
} catch (Exception $e) {
echo "Unable to retrieve results";
exit;
}
try {
$side_effects = $dbc->query("
SELECT se.side_effect
FROM side_effects AS se
JOIN jnct_drug_side_effects AS jse ON se.id = jse.side_effect
JOIN drugs AS d ON jse.drug = d.id
WHERE generic = '$generic'
OR brand = '$generic'
");
} catch (Exception $e) {
echo "Unable to retrieve results";
exit;
}
try {
$indications = $dbc->query("
SELECT i.indication
FROM indications AS i
JOIN jnct_drug_indications AS ji ON i.id = ji.indication
JOIN drugs AS d ON ji.drug = d.id
WHERE generic = '$generic'
OR brand = '$generic'
");
} catch (Exception $e) {
echo "Unable to retrieve results";
exit;
}
try {
$oi_indications = $dbc->query("
SELECT oi.indication
FROM ol_indications AS oi
JOIN jnct_ol_drug_indications AS joi ON oi.id = joi.indication
JOIN drugs AS d ON joi.drug = d.id
WHERE generic = '$generic'
OR brand = '$generic'
");
} catch (Exception $e) {
echo "Unable to retrieve results";
exit;
}
$row = $results->fetch(PDO::FETCH_ASSOC);
$se_row = $side_effects->fetchAll(PDO::FETCH_COLUMN, 0);
$print_se = implode(", ", $se_row);
$ind_row = $indications->fetchAll(PDO::FETCH_COLUMN, 0);
$print_ind = implode(", ", $ind_row);
$oi_ind_row = $oi_indications->fetchAll(PDO::FETCH_COLUMN, 0);
$print_ol_ind = implode(", ", $oi_ind_row);
?>
为了澄清我的问题,我没有任何 SQL 注入(inject)问题。这不是一个包含任何需要保护的数据的网站(除非有人真的想在某个随机网站上为精神科医生更改左洛复的半衰期)。我只是想让这个发挥作用。我是一名医生,试图构建一个有用的网络工具,并且不喜欢查询中的单引号向用户返回错误消息。有一个简单的解决办法吗?我不是程序员 - 我只是想学习足够的知识来使这个网站正常运行。谢谢大家!
最佳答案
关于php - 从搜索栏中的用户输入中删除单引号,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43175091/