我尝试以下 PHP 代码:
$db = mysql_connect('localhost', 'root','');
mysql_select_db('mydatabase',$db);
$sql = 'SELECT id from user where name = \''.$my_name.'\'';
//$sql = 'SELECT id from user where name=\'Some Name \'';
echo $sql.'<br>';
$req= mysql_query($sql) or die('Erreur SQL !<br>'.$sql.'<br>'.mysql_error());
$data = mysql_fetch_assoc($req);
mysql_close();
if($data) {
echo 'id from database= '.$data['id'].'<br>';
$id = $data['id'];
}
但它永远不会进入 if($data)
语句。
正如你所看到的,我尝试打印 sql 请求;如果我将其复制粘贴到 mysql 数据库,它会返回预期的 ID。
请注意,变量 $my_name 不为空并且具有正确的数据。更奇怪的是,如果我取消注释该行:
//$sql = 'SELECT id from user where name=\'Some Name \'';
它有效,并且 $my_name
中的数据是“Some Name”...
我在代码中提出了其他请求,除了这个之外,一切都工作正常。
最后注意:变量取自外部 python 脚本:
$command = escapeshellcmd('python /var/my_script.py '.$id_for python);
$my_name = shell_exec($command);
echo htmlspecialchars($my_name).'<br>';
因此,从 python 脚本返回的数据与在 mysql 请求中使用它之间似乎存在问题......
编辑
其实应该是python脚本的问题。我什至无法从 python 将数据插入数据库:
import operator
import sys
import MySQLdb
from BeautifulSoup import BeautifulSoup, Comment, BeautifulStoneSoup
bugs = ""
username = "username";
password = "passwd#";
display = Display(visible=0, size = (800, 600))
display.start()
driver=webdriver.Chrome()
driver.get('somesite')
driver.find_element_by_name('ctl00$contextHolder$Login_name').send_keys(username)
driver.find_element_by_name('ctl00$contextHolder$Login_password').send_keys(password)
driver.find_element_by_name('ctl00$contextHolder$LoginButton').click()
display = Display(visible=0, size = (800, 600))
display.start()
driver=webdriver.Chrome()
driver.get('somesite')
driver.find_element_by_name('ctl00$contextHolder$Login_name').send_keys(username)
driver.find_element_by_name('ctl00$contextHolder$Login_password').send_keys(password)
driver.find_element_by_name('ctl00$contextHolder$LoginButton').click()
try:
driver.get('https://somesite/SearchTicketPr.aspx')
driver.find_element_by_name('ctl00$MainContent$SearchTickets$TB_TicketId').send_keys(sys.argv[1])
driver.find_element_by_name('ctl00$MainContent$SearchTickets$B_Search').click()
soup = driver.find_element_by_xpath("//*").get_attribute("outerHTML")
reporter = soup.split('ctl00_MainContent_DG_TicketList_ctl03_L_EscalationFlg">')[1].split('</td><td>')[4]
# We need to insert the reporter and mantis id directly in database
#For Linux, this is a casual package (python-mysqldb). (You can use sudo apt-get install python-mysqldb in command line to download.)
db = MySQLdb.connect(host="localhost", # your host, usually localhost
user="root", # your username
passwd="", # your password
db="myDB") # name of the data base
# you must create a Cursor object. It will let
# you execute all the queries you need
cur = db.cursor()
sql_req= "INSERT INTO ticket (number, username) VALUES ('" + sys.argv[1] + "', '" + reporter + "')"
print sql_req
# Use all the SQL you like
cur.execute(sql_req)
print reporter
<pre> <code>
except:
driver.quit()
display.stop()
raise
这会正确打印报告的变量,打印的sql请求也打印得很好。没有错误消息,但数据未插入数据库。
可能是编码有问题?
最佳答案
试试这个:
...
$sql = "SELECT id from user where name = '".$my_name."'";
...
如果第一行给你一个错误,因为你的 $my_name
var 包含非法字符或类似的东西,你应该在使用 sql 请求发送它之前验证它。
关于php - 在查询字符串中注入(inject)变量时,Select 返回空结果,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26713961/