我试图将这些数据提取到一个while循环中,并且根本没有返回任何内容,任何想法都错了吗?
代码:
<?php
if(isset($_GET['id'])){
require('include/db.php');
require('include/init.php');
if(isset($_GET['id']) && is_numeric($_GET['id'])){
$userid = $odb->real_escape_string($_GET['id']);
$result3 = $odb->prepare("SELECT * FROM users where ID = :id");
$result3->bindValue(":id", $userid);
$result3->execute();
while($row3 = $result3->fetch_array(MYSQLI_ASSOC)){
$username=$row['username'];
$email=$row['email'];
$rank=$row['rank'];
$membership=$row['membership'];
$expire=$row['expire'];
$status=$row['status'];
echo "
Username: ".$username."<br />
Email: ".$email."<br />
Rank: ".$rank."<br />
Membership: ".$membership."<br />
Expire: ".$expire."<br />
Status: ".$status."<br />
";
}
} else {
echo "You did not enter an ID!";
}
?>
如果您需要任何信息,请告诉我们!
答案 0 :(得分:4)
由于您使用的是PDO,因此必须更新某些功能。您可以准备并绑定值,而不是mysql_escape_string()
,而PDO将逃避一切。另外,fetch_array()
应为fetch()
,MYSQLI_ASSOC
应为PDO::FETCH_ASSOC
。
<?php
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if($id) {
require('include/db.php');
require('include/init.php');
// Prepare && Binding will take care of escaping the string
$result = $odb->prepare("SELECT * FROM users where ID = :id");
$result->bindValue(":id", $id);
$result->execute();
while($row = $result->fetch(PDO::FETCH_ASSOC)) {
$username = $row['username'];
$email = $row['email'];
$rank = $row['rank'];
$membership = $row['membership'];
$expire = $row['expire'];
$status = $row['status'];
echo "
Username: ".$username."<br />
Email: ".$email."<br />
Rank: ".$rank."<br />
Membership: ".$membership."<br />
Expire: ".$expire."<br />
Status: ".$status."<br />
";
}
} else {
echo "You did not enter an ID!";
}
?>