我试图从我的数据库中获取数据,但它没有给我任何输出。它只显示“所有费用”。我的代码如下:
<?php
include 'preCode.php';
include 'header.php';
echo '<body><div class="standardLayout">';
include 'systemMenu.php';
echo '<h4>All Charges</h4>';
$user = unserialize($_SESSION['user']);
echo $query = "SELECT * FROM billingItems WHERE userID=' " . $user-> userID . " ' ORDER BY deliveryTimestamp DESC";
$result = mysqli_query($db, $query);
while ($row = mysqli_fetch_array($result)) {
echo $row['type'] . '<br>' .
'Cost: $' . $row['amount'] . '<br>' .
' Finalized: ' . $row['deliveryTimestamp'] ;
}
echo '</div></body></html>';
$_SESSION['user'] = serialize($user);
include 'footer.html';
?>
这是 echo $query;
的输出:
All Charges object(user)#2 (11) { ["orders"]=> NULL ["fName"]=> string(6) "kimmie" ["lName"]=> string(4) "kaur" ["address"]=> string(10) "6768bbnmmn" ["phone"]=> string(11) "66767798898" ["email"]=> string(6) "kimmie" ["userID"]=> string(3) "108" ["password"]=> string(4) "kaur" ["passwordX"]=> NULL ["amountOwed"]=> string(1) "0" ["zip"]=> string(6) "768798" } SELECT * FROM billingItems WHERE userID=' 108 ' ORDER BY deliveryTimestamp DESC
最佳答案
在我看来,你的查询构建是一个问题,因为这个
$query = "SELECT * FROM billingItems WHERE userID=' " . $user-> userID . " ' ORDER BY deliveryTimestamp DESC";
如果 ID 是“bob”,则会为您提供此信息。
SELECT * FROM billingItems WHERE userID=' bob ' ORDER BY deliveryTimestamp DESC
您在 ID 周围嵌入了空格,这与列的内容不匹配。
更安全的方法是使用准备好的语句并绑定(bind)参数,这样您就不会遇到此类错误。它还可以保护您免受 SQL 注入(inject)的侵害。有关详细信息,请参阅此问题:How can I prevent SQL-injection in PHP?
关于php - 数据未从 MySQL 数据库获取,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31276768/