I am converting my code to PDO to make my website less vulnerable.
Here is my code; according to another post here, this should work:
$stmt = $handler->prepare("SELECT * FROM news ORDER BY date DESC LIMIT 5");
$run = $stmt->execute();
if(!$run){
echo 'sorry';
}
while($row = $query->fetch(PDO::FETCH_ASSOC)){
echo $row['title'];
$article_id = $row['article_id'];
$user_id = $row['user_id'];
$title = $row['title'];
$content = $row['content'];
$date = $row['date'];
$stmt2 = $handler->prepare("SELECT * FROM users WHERE id = :id");
$stmt2->bindParam(':id',$id);
$stmt2->execute();
$row2 = $stmt2->fetch(PDO::FETCH_ASSOC);
$user_name = $row2['username'];
$title2 = str_replace(" ","-",$title);
echo '<div class="row">
<div class="col-lg-12"><h3 class="para"><a class="para" href="http://news.red-sec.net/article/'.$article_id.'/'.$title2.'">'.$title.'</a></h3>
<p class="para">Written by: '.$user_name.'</p>
</div>
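I wanted to echo $row['title']; to see if it works, but it doesn't echo anything, so I'm guessing there is an error somewhere.
Edit:
It doesn't echo sorry, so I know the statement is running...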
Answer 0 (score: 2)
You are running the fetch method on the $query variable. Try running it on the $stmt object, like this:
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
//your code here
}
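The loop from the question with fetch() called on $stmt, as an added example that is not part of the original question or answer. Assumptions: an in-memory SQLite database with constructed rows stands in for the real one, latestNews() is a hypothetical helper name, the link uses a relative /article/ path, and binding the row's user_id, enabling exception error mode and escaping the output are additions beyond the fix the answer describes.

```php
<?php
// Added example: constructed in-memory data stands in for the real database.
$handler = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$handler->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$handler->exec('CREATE TABLE news (article_id INTEGER PRIMARY KEY, user_id INTEGER,
                title TEXT, content TEXT, date TEXT)');
$handler->exec("INSERT INTO users VALUES (1, 'alice')");
$handler->exec("INSERT INTO news VALUES (10, 1, 'Hello <b>world</b>', 'body', '2020-01-01')");

function latestNews(PDO $handler): array
{
    $stmt = $handler->prepare('SELECT * FROM news ORDER BY date DESC LIMIT 5');
    $stmt->execute();

    // Prepare the author lookup once and reuse it for every row.
    $stmt2 = $handler->prepare('SELECT username FROM users WHERE id = :id');

    $articles = [];
    // fetch() is called on $stmt, the object returned by prepare().
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        // Bind the row's user_id value to the :id placeholder.
        $stmt2->execute([':id' => $row['user_id']]);
        $row2 = $stmt2->fetch(PDO::FETCH_ASSOC);
        $stmt2->closeCursor();
        $articles[] = [
            'article_id' => (int) $row['article_id'],
            'title'      => $row['title'],
            'username'   => $row2 ? $row2['username'] : 'unknown',
        ];
    }
    return $articles;
}

foreach (latestNews($handler) as $a) {
    $slug = rawurlencode(str_replace(' ', '-', $a['title']));
    // Escape database values before placing them in HTML.
    $title = htmlspecialchars($a['title'], ENT_QUOTES, 'UTF-8');
    $user  = htmlspecialchars($a['username'], ENT_QUOTES, 'UTF-8');
    echo '<h3 class="para"><a class="para" href="/article/' . $a['article_id'] . '/' . $slug . '">'
        . $title . "</a></h3>\n";
    echo '<p class="para">Written by: ' . $user . "</p>\n";
}
```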