我有两个php页面,第一个 index.php ,如下所示
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Site Title</title>
</head>
<body align="right">
<h4 align="right">Site Title<br>Subtitle</h4>
<form action="acc_data.php" method="post">
<input type="text" name="ACCNUM"> Account Number</br>
<input type="submit" value="Search">
</form>
</body>
</html>
和 acc_data.php 如下所示
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Site Title</title>
</head>
<?php
$conn = oci_connect('admin', 'admin', 'localhost/JDT','AL32UTF8');
if (!$conn) {
$e = oci_error();
trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
// Prepare the statement
$sqlstr = 'SELECT CUSTOMER_ID,CUST_NAME,PHONE1 FROM customers where CUSTOMER_ID=:ACCNUM';
$stid = oci_parse($conn,$sqlstr);
$ACCNUM = $_POST['ACCNUM'];
oci_bind_by_name($stid, ':ACCNUM', $ACCNUM);
oci_execute($stid);
// Fetch the results of the query
print "<table style=width:75% align=center border=1>
<tr><th>Account Number</th>
<th>Name</th>
<th>Phone</th></tr>";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS))
{
print "<tr>";
foreach ($row as $item)
{
print "<td align=center>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : " ") . "</td>";
}
print "</tr>\n";
}
print "</table>\n";
oci_free_statement($stid);
oci_close($conn);
?>
</body>
</html>
第一页中的用户将输入其数据并将值传递给另一个要在服务器处理的php页面并返回结果
问题1: 我应该做任何安全改进吗? 问题2: 如果没有行返回如何停止执行并回显用户消息?答案 0 :(得分:0)
PHP Oracle API没有提供只返回结果集中行数的函数。我可以看到告诉我们选择了多少行的唯一方法是在打印任何内容之前获取所有行。因此,请使用oci_fetch_all一次获取所有行。
$count = oci_fetch_all($stid, $rows, null, null, OCI_FETCHSTATEMENT_BY_ROW + OCI_ASSOC);
if ($count == 0) {
Print "No results found";
} else {
print "<table style=width:75% align=center border=1>
<tr><th>Account Number</th>
<th>Name</th>
<th>Phone</th></tr>";
foreach ($rows as $row) {
...
}
print "</table>\n";
}