我正在尝试将MySQL列数据分配给php变量,以便我可以通过电子邮件发送。它运行查询,在数据库中查找匹配的电话号码,然后返回行/列数据。一些变量是通过短信引入这个PHP脚本的,如果你想知道他们为什么不在mysql的东西。当我在浏览器中运行时,我在while语句中收到错误,但我感觉我的SELECT语句不正确。谢谢!
<?php
session_start();
//$to_number_back = $_GET['to_number'];
$to_number_back = "+15551212";
$dcsrep = array();
$name = array();
$date = array();
$amount = array();
$digits = array();
$details = array();
//include_once("scripts/connect_to_mysql.php");
$servername = "****";
$username = "****";
$password = "****";
$dbname = "****";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare('SELECT dcsrep, name, date, amount, digits, details FROM ***uth WHERE to_number = ?');
$stmt->bind_param('s', $to_number_back);
$result = $stmt->execute();
$stmt->store_result();
while($row = $result->fetch_assoc()) {
$dcsrep[] = $row['dcsrep'];
$name[] = $row['name'];
$date[] = $row['date'];
$amount[] = $row['amount'];
$digits[] = $row['digits'];
$details[] = $row['details'];
}
if($stmt->num_rows > 0){
echo "Records received";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
$from_number = $_GET['from_number'];
$message = $_GET['message'];
$to = "***@global.net";
$from = "admin@d***.com";
$subject = " Payment Authorization";
//// start email body ////
$message1 = "
From: $from_number
To: $to_number
Message:
$dcsrep
$name
$date
$amount
$digits
$details
$message
";
//// Set das headers eh ////
$headers = 'MIME-Version: 1.0' . "rn";
$headers .= "Content-type: textrn";
$headers .= "From: $fromrn";
/// Okay, you send now!
mail($to, $subject, $message1, $headers, '-f admin**ect.com');
echo "it worked";
?>
答案 0 :(得分:3)
你已经在这里使用了mysql,mysqli,过程和面向对象的功能,你需要标准化。
首先,让我们更改$conn
以实例化mysqli connection
的实例并返回一个对象。
$conn = new mysqli($servername, $username, $password, $dbname);
然后进行检查:
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
现在,您将接受用户输入数据,因此请勿将其直接注入字符串,而应使用prepared statements
。此外,您的号码实际上是一个字符串而不是整数。但是,我们准备好的语句和bind_param调用将处理
$stmt = $conn->prepare('select dcsrep, name, date, amount, digits, details from ****uth where to_number = ?');
现在?
是一个占位符,让我们将数据安全地绑定到它。
$stmt->bind_param('s', $to_number_back);
^--- treat it as a string
大。现在它被安全地消毒了。现在让我们执行语句并遍历返回的结果。
$result = $stmt->execute();
while($row = $result->fetch_assoc()){
$dcsrep[] = $row['dcsrep'];
$name[] = $row['name'];
$date[] = $row['date'];
$amount[] = $row['amount'];
$digits[] = $row['digits'];
$details[] = $row['details'];
}
现在你可以按照你的意愿继续。
修改强>
您也不应该担心$conn->query($sql) === TRUE
。相反,您应该存储请求,然后评估返回的行数。
您需要在调用->execute();
$result = $stmt->execute();
$stmt->store_result();
现在您可以检查num行,而不是查询是否为真。
if($stmt->num_rows > 0){
//do your stuff, query found results.
} else {
//die out
}