我有一个网址代表:http://website.com/update.php?id= {NUMBER}
我如何让PDO从特定ID中获取结果? 这是我对update.php页面的尝试:
try {
$dbh = new PDO("mysql:host=$hostname;dbname=vector",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = '. $id .'";
foreach ($dbh->query($sql) as $row)
{
?>
<?php echo $row['username']; ?>
<?php
}
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
注意:-
查询$sql = "SELECT * FROM users WHERE id = '. $id .'";是错误的
它必须是: - $sql = "SELECT * FROM users WHERE id =$id";
但尝试使用prepared statements的PDO来防止SQL INJECTION
try {
$dbh = new PDO("mysql:host=$hostname;dbname=vector",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
$id = $_GET['id'];
$sth = $dbh->prepare("SELECT * FROM users WHERE id = ?");
$sth->execute(array($id));
$data = $sth->fetchAll(PDO::FETCH_ASSOC);
print_r($data); // check values are coming or not and then try to print it
$dbh = null;
}catch(PDOException $e){
echo $e->getMessage();
}
我认为您的错误是在您的SQL中,您的报价有点混淆......
$sql = "SELECT * FROM users WHERE id = '. $id .'";
很可能会给你一个SQL语句,就像...
SELECT * FROM users WHERE id = '. 1 .'
您应该像其他人指出的那样使用预准备语句和绑定变量,但在这种情况下......
$sql = "SELECT * FROM users WHERE id = $id";
应该管用。
我假设你的ID是一个数字,所以不要使用= 'id'
你也应该使用准备好的声明来防范SQL injection attacks
$sql = "SELECT * FROM users WHERE id = :id";
$bind = array( 'id' => $id );
$sth = $dbh->prepare($sql);
$sth->execute($bind);
$rows = $sth->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
...
}