我被告知我的脚本容易受到攻击并将其更改为PDO。我已经开始使用它并且它正常工作,但在 test.php 页面顶部显示如下。
Array ( [name] => matthew [email] => ''@aol.com [order] => shipped [status] => AU1776 )
如何在没有数组和所有字符的情况下依次呈现此数据?
pdo脚本:
<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="members"; // Table name
$db = new PDO('mysql:host='.$host.
';dbname='.$db_name.
';charset=UTF-8',
$username, $password);
$stmt = $db->prepare('SELECT * FROM `members` WHERE `username`=:username LIMIT 1');
print_r($result);
?>
答案 0 :(得分:0)
而不是:
print_r($result);
使用此:
echo "The is: ".$result['name'].", and mail is: ".$result['email']." . Status: ".$result['status'];
------------ EDIT --------------------
要在输入类型文本上显示这些结果:
<input type="text" name="test" value="<?php echo $result['name']; ?>" />
----------- EDIT2 ---------------------
非常基本的例子:
<?php
$email = "someone@exa mple.com";//change this line to $email = $_POST['textfield'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo "E-mail is not valid"; //comment this echo and put a header(fail.html)
}
else
{
echo "E-mail is valid"; //comment this echo and do al pdo stuff
}
?>