准备好的声明PDO可能是小错误

时间:2016-05-05 09:40:38

标签: php pdo

重写所有我的数据库查询,以便他们准备好并使用PDO(在我使用mysqli之前),以便它们可以防止sql注入。现在我是PDO的新手,所以它可能是一个我没看到的小错误,所以我希望你们可以帮助我,因为这段代码不起作用。 

 <?php

        function getUserBalance($steamid)
        {
            include 'settings.php';

            $conn = new PDO("mysql:host="$servername";dbname="$dbname"", $username, $password);
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 



            $sql = $conn->prepare("SELECT balance FROM users WHERE steamid= :steamid");


            $stmt = $conn->prepare($sql); 
            $stmt->bind_param(":steamid", $steamid, PDO::PARAM_STR);
            $stmt->execute(); 



            while($row = $stmt->fetch(PDO::FETCH_ASSOC)) 
            { 
                return $row['balance'];
            } 

        }
         $stmt->close();


    ?>

2 个答案:

答案 0 :(得分:1)

更改此行 

compile 'com.android.support:recyclerview-v7:23.2.1'

到此 

$conn = new PDO("mysql:host="$servername";dbname="$dbname"", $username, $password);

答案 1 :(得分:1)

Okey现在我把它改成了新的PDO(“mysql:host = $ servername; dbname = $ dbname”,$ username,$ password);移动了$ stmt-&gt; close();在函数(oops)中,并将bind_param更改为bindParam,Thx家伙现在正在使用

<?php
    include 'ChromePhp.php';

    function getUserBalance($steamid)
    {
        include 'settings.php';
        $db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 


        $sql = "SELECT balance FROM users WHERE steamid= :steamid";
        $stmt = $db->prepare($sql); 

        $stmt->bindParam(':steamid', $steamid, PDO::PARAM_STR); 

        $stmt->execute(); 



        while($row = $stmt->fetch(PDO::FETCH_ASSOC)) 
    { 
        return $row['balance'];
    } 
        $stmt->close();

    }


?>
相关问题
最新问题