PHP 'sqlsrv_query': null in resource

Time: 2016-04-16 05:13:25

Tags: php sql-server

<?php

class Database {

protected $server;

function __construct($sql_server) {

    $this->server = $sql_server;

}

public function connect() {

    $connect = sqlsrv_connect($this->server, ["Database" => "ACCOUNT_DBF"]); // Windows Auth

    if(!$connect) { die(print_r(sqlsrv_errors(), true)); }
    else { echo "Connection established!"; }

}

public function userExists($data) {

    $query  = sqlsrv_query($his->server, "SELECT * FROM ACCOUNT_TBL where account = '$data'");

    if(!$query) { die(print_r(sqlsrv_errors(), true)); }
    else { echo "Bind success."; }

}

}

$db = new Database("YNCA\SQLEXPRESS");

$db->connect();
$db->userExists("bush");

?>

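$db->userExists("bush"); gives me a null resource in the parameter, and I can't figure out why. So, I am passing a valid argument string to $data in the userExists function.

Edit: Fixed it with this final piece of code: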

<?php

class Database {

    protected $server, $connect;    

    function __construct($sql_server) {

        $this->server = $sql_server;

    }

    public function connect() {

        $this->connect = sqlsrv_connect($this->server, ["Database" => "ACCOUNT_DBF"]); // Windows Auth

        if(!$this->connect) { die(print_r(sqlsrv_errors(), true)); }
        else { echo "Connection established!"; }

    }

    public function userExists($data) {

        $query = sqlsrv_query($this->connect, "SELECT * FROM ACCOUNT_TBL where account = ?", ["$data"]);

        if(!$query) { die(print_r(sqlsrv_errors(), true)); }
        else { echo "Bind success."; }

    }

}

$db = new Database("YNCA\SQLEXPRESS");

$db->connect();
$db->userExists("bush");

?>

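2 answers:

Answer 0: (score: 2)

Store the connection resource in an object property and pass that to sqlsrv_query instead of $his->server. There is also a typo in $his->server -> $this->server, if it was correct to pass the server string at this point.
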
class Database {
  protected
    $server,
    $connection
  ;

// ...

public function connect() {
  $this->connection = sqlsrv_connect($this->server, ["Database" => "ACCOUNT_DBF"]); // Windows Auth
  // ...
}

public function userExists($data) {
  $query  = sqlsrv_query($this->connection, "SELECT * FROM ACCOUNT_TBL where account = '$data'");
  // ...
}

}

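Answer 1: (score: 1)

You have $his->server in function userExists($data). It should be $this->server.

This should be a comment. I just wanted to mention sqlsrv_query.

With sqlsrv_ you can easily get parameterized queries. Just change your query to: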

$query  = sqlsrv_query($this->server
    , "SELECT *
        FROM ACCOUNT_TBL
        WHERE account = ?"
    , array($data));

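Leave everything else alone. (The extra whitespace is optional ;)

If you didn't know, parameterized queries help prevent SQL injection attacks. Even "accidental" SQL injection, like with people's names (think "O'Neil" :). This question explains why with examples for PDO and mysqli. It still applies.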
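
A hardened variant of the class from the question, as an added example that is not code from the question or either answer: it keeps the connection resource returned by sqlsrv_connect, binds the account name as a parameter, and writes driver errors to the server log instead of the response. It assumes PHP 8 with the sqlsrv extension and the server, database and table names used on this page; the class name AccountDb and the helper lastError are made up for the example.

```php
<?php
// Added example. Assumes PHP 8, the sqlsrv extension, and the names used on this page.
// AccountDb and lastError() are hypothetical names, not part of the original code.
final class AccountDb
{
    private $conn = null; // connection resource returned by sqlsrv_connect()

    public function __construct(private string $server, private string $database) {}

    public function connect(): void
    {
        $conn = sqlsrv_connect($this->server, ["Database" => $this->database]); // Windows Auth
        if ($conn === false) {
            throw new RuntimeException($this->lastError("connect"));
        }
        $this->conn = $conn; // keep the resource: sqlsrv_query() needs it, not the server name
    }

    public function userExists(string $account): bool
    {
        if ($this->conn === null) {
            throw new LogicException("connect() must be called before userExists()");
        }
        // The value is sent as a bound parameter and never becomes part of the SQL text.
        $stmt = sqlsrv_query($this->conn, "SELECT 1 FROM ACCOUNT_TBL WHERE account = ?", [$account]);
        if ($stmt === false) {
            throw new RuntimeException($this->lastError("query"));
        }
        $found = sqlsrv_has_rows($stmt); // true only if at least one row matched
        sqlsrv_free_stmt($stmt);
        return $found;
    }

    private function lastError(string $stage): string
    {
        // Full driver detail goes to the server log; the caller gets a short message.
        error_log("sqlsrv $stage failed: " . print_r(sqlsrv_errors(), true));
        return "database $stage failed";
    }
}

$db = new AccountDb('YNCA\SQLEXPRESS', 'ACCOUNT_DBF');
$db->connect();
foreach (["bush", "O'Neil"] as $name) { // constructed sample inputs
    printf("%-8s => %s\n", $name, $db->userExists($name) ? "exists" : "not found");
}
```

With the interpolated query from the question, the name O'Neil produces a statement with an unbalanced quote and a syntax error; with the bound parameter it is compared as an ordinary string.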