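Parameter passing (PHP)

Time: 2010-09-06 23:01:27

Tags: php sql

I am trying to select a record in a database. I am having a problem with the function runSelect (the function selects a record in the database). I believe it may have to do with how I am passing my variables into the function.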

    function select($pUserData){
        echo "I am in function select." . "<br/>";
        // Create the SQL query
        $sqlQuery = "SELECT * FROM tablName WHERE id= " . $pUserData[0];

        $con = openConnection();

        $result = $con->query($sqlQuery);

        $row = $result->fetch_row();

        echo "hello";

        echo "ID: " . $row[0] . "<br />";
        echo "First Name: " . $row[1] . "<br />";

        // Close connection
        closeConnection($con);          
    }                

    function openConnection() {
        $connection = new mysqli("localhost", "userName", "password", "databaseName");
        if ( mysqli_connect_errno() ) {
            echo "Error: Could not connect to database.  Please try again later. " . "<br/>";
        }

        echo "in openConnection" . "<br/>";         

        return $connection;
    }

    function closeConnection($pCon) {
        $pCon->close(); 
    }
    ?>

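4 answers:

Answer 0: (score: 5)

  1. Your code is open to SQL injection...
  2. Only provide the function with the data it needs, not the whole input array.
  3. Connecting and disconnecting for every query is inefficient if you have multiple queries in the future. Let PHP disconnect from the database when it exits until there is a need to micromanage it (probably never), and you will be able to manage your resources better.
  4. Print the contents of $_POST with var_export or var_dump at the start of the program.
  5. Print $result->num_rows in the runSelect function.
  6. Add lines like the following: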

    echo '<p>' . __LINE__ . '</p>';
    

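Answer 1: (score: 1)

I made some changes in the code to avoid errors and also added some fallback handling. The changes have comments explaining them. I debugged the following code and it works fine.

    <?php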
    init();

    function init(){
        // Retrieve and store data from form
        $uData = getData();

        // Take an action based on value from user
        switch($uData[5]){
            case "select":
                runSelect($uData);
                echo "I need to select";
                break;
            case "insert":
                runInsert($uData);
                echo "I need to runInsert" . "<br/>";
                break;
            case "update":
                runUpdate($uData);
                echo "I need to runUpdate" . "<br/>";
                break;
            case "delete":
                runDelete($uData);
                break;
            default:
                break;
        }

    } // end init()

    function getData() {
        $id_num = isset($_REQUEST["id_num"]) ? $_REQUEST["id_num"] : "1"; // if no id is passed, assume that the user wants the record with id 1
        $first_name= isset($_REQUEST["first_name"]) ? $_REQUEST["first_name"] : "";
        $last_name = isset($_REQUEST["last_name"]) ? $_REQUEST["last_name"] : "";
        $major = isset($_REQUEST["major"]) ? $_REQUEST["major"] : "";
        $year = isset($_REQUEST["year"]) ? $_REQUEST["year"] : "";
        $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : "select"; //assume the default action as select

        $userData = array($id_num, $first_name, $last_name, $major, $year, $action);

        return $userData;
    }

    //function runSelect -------------------------------------------------------------------------------------------------
    function runSelect($pUData){
        echo "I am in runSelect" . "<br/>";
        // Create the SQL query
        $sqlQuery = "SELECT * FROM tblStudents WHERE id= " . $pUData[0];

        // Create the connection
        $con = getConnection();

        // Execute query and save results
        $result = $con->query($sqlQuery);

        // Display results
        $row = $result->fetch_row();

        echo "hello";

        echo "ID: " . $row[0] . "<br />";
        echo "First Name: " . $row[1] . "<br />";

        // Close connection
        closeConnection($con);

    }



    //function getConnection -------------------------------------------------------------------------------------------------
    function getConnection() {
        $connection = new mysqli("localhost", "userName", "password", "databaseName");
        if ( mysqli_connect_errno() ) {
            echo "Error: Could not connect to database.  Please try again later. " . "<br/>";
        }

        echo "in getConnection" . "<br/>";


        return $connection;
    }

    //function closeConnection -------------------------------------------------------------------------------------------------
    function closeConnection($pCon) {
        $pCon->close(); 
    }
    ?>

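Answer 2: (score: 1)

Based on the comments so far, it sounds like the query is not returning a result (it is being set to FALSE). So when you try to fetch the row, you get a fatal PHP error, but you have error output turned off, so you don't see it.

Check the value of $result, and if it is FALSE, check what the error is: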

http://www.php.net/manual/en/mysqli.error.php
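
An added example, not part of any answer on this page, that combines points 1 and 2 of Answer 0 with the result check suggested in Answer 2: only the id is passed in, it is bound as a parameter instead of being concatenated, and each mysqli call is checked for failure. The table name `tblStudents` and the connection placeholders come from the page; `findStudent()` and the integer validation are assumptions.

```php
<?php
// Added example: tblStudents and the connection placeholders are taken from
// the page; findStudent() and the integer validation are assumptions.
mysqli_report(MYSQLI_REPORT_OFF); // return false on failure (PHP 8.1+ throws by default)

function findStudent(mysqli $con, $rawId): ?array {
    // Accept only a plain non-negative integer; arrays and strings like "1 OR 1=1" fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $con->prepare('SELECT * FROM tblStudents WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $result = $stmt->get_result(); // requires the mysqlnd driver
    if ($result === false) {
        throw new RuntimeException('get_result failed: ' . $stmt->error);
    }
    $row = $result->fetch_row() ?: null; // null when no record matches
    $stmt->close();
    return $row;
}

$con = new mysqli('localhost', 'userName', 'password', 'databaseName');
if ($con->connect_errno) {
    error_log('connect failed: ' . $con->connect_error);
    exit('Error: Could not connect to database. Please try again later.');
}
try {
    $row = findStudent($con, $_REQUEST['id_num'] ?? '');
    if ($row === null) {
        echo 'No record with that id.<br />';
    } else {
        // Escape on output so stored values cannot inject markup into the page.
        echo 'ID: ' . htmlspecialchars((string) $row[0]) . '<br />';
        echo 'First Name: ' . htmlspecialchars((string) $row[1]) . '<br />';
    }
} catch (InvalidArgumentException $e) {
    echo 'Invalid id.<br />';
} catch (RuntimeException $e) {
    error_log($e->getMessage()); // keep SQL error details out of the response
    echo 'Query failed.<br />';
}
```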

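Answer 3: (score: 0)

Note that $_POST only retrieves parameters that have been POSTed to the script (usually via a form submission). Parameters passed in via the URL are populated in $_GET. If the request method (POST or GET) does not matter, then $_REQUEST can help, since it is populated with both POST and GET (and cookie) parameters: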

http://php.net/manual/en/reserved.variables.php