Sorry, I am getting this error in my error log
PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1' in /home/payassur/public_html/admin/index.php:13
Stack trace:
#0 /home/payassur/public_html/admin/index.php(13): PDO->query('SELECT * FROM u...')
#1 {main}
thrown in /home/payassur/public_html/admin/index.php on line 13
Here is line 13
$query = $db->query("SELECT * FROM users WHERE id = $u_id");
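Answer 0: (score: 0)
Your query is open to SQL injection, and people have figured that out and are therefore trying to inject into your database. That is why you are seeing these errors in your error log. You should start using prepared statements to prevent SQL injection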
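if (isset($u_id) && trim($u_id) != '') {
    // Bind the value as a parameter instead of interpolating it into the SQL
    $stmt = $db->prepare('SELECT * FROM users WHERE id = :u_id');
    $stmt->execute(array('u_id' => $u_id));
    $results = $stmt->fetchAll();
} else {
    // No id supplied: skip the query
    $results = [];
}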
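An added example, not part of the original answer: it prints the statement that line 13 of the question would build for three constructed inputs, next to the row count from a lookup that validates the id and binds it. An empty value leaves the concatenated statement ending at `id =`, which the server rejects as a syntax error. The helper `findUserById`, the in-memory SQLite database (assumes the `pdo_sqlite` driver) and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Assumes the pdo_sqlite driver so it
// runs offline; the users table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical helper: validate the id as a positive integer, then bind it.
function findUserById(PDO $db, $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // empty, non-numeric or out-of-range input never reaches SQL
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :u_id');
    $stmt->bindValue(':u_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid id, an empty value, and a value carrying SQL text.
foreach (['2', '', '1 OR 1=1'] as $raw) {
    // The string that line 13 of the question would hand to PDO::query().
    $concatenated = "SELECT * FROM users WHERE id = $raw";
    $rows = findUserById($db, $raw);
    printf("input=%-12s built=[%s] rows=%d\n", var_export($raw, true), $concatenated, count($rows));
}
```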