这个PHP代码:
$sql = 'SELECT name FROM author WHERE id = :id';
$s = $pdo->prepare($sql);
echo $_POST['id'];
$s->bindValue(':id', $_POST['id']);
$s->execute();
$result = $s->fetchAll();
print_r($result);
输出:
1 Array ( )
如果不是在sql查询中使用:id,我只使用' 1',这是$ _POST [' id']的值:
$sql = 'SELECT name FROM author WHERE id = 1'; //for testing purposes
$s = $pdo->prepare($sql);
echo $_POST['id'];
$s->bindValue(':id', $_POST['id']);
$s->execute();
$result = $s->fetchAll();
print_r($result);
代码输出:
1 Array ( [0] => Array ( [name] => Kevin Yank [0] => Kevin Yank ) )
预期结果如何。看到$ _POST [' id']的值是1是正确的(代码中的回声),我不明白这是什么问题。也许你们可以帮助我? 干杯
编辑,html / form:
<ul>
<?php foreach ($authors as $author):?>
<li>
<form action="" method="post">
<div>
<p>
<?php echo htmlout($author['name']); ?>
</p>
<input type="hidden" name="id" value="
<?php echo $author['id'] ?>">
<input type="submit" name="action" value="Delete">
</div>
</form>
</li>
<?php endforeach; ?>
编辑2: 在不同的表上使用相同的语法,我不明白为什么:
$sql = 'SELECT id FROM joke WHERE authorid = :id';
$s = $pdo->prepare($sql);
$s->bindValue(':id', $_POST['id']);
$s->execute();
$result = $s->fetchAll();
print_r($result);
有桌子: 作者表(代码不能处理的表):
+-------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | varchar(255) | YES | | NULL | |
| email | varchar(255) | YES | | NULL | |
+-------+--------------+------+-----+---------+----------------+
笑话表(代码适用于此):
+----------+---------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+---------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| joketext | text | YES | | NULL | |
| jokedate | date | NO | | NULL | |
| authorid | int(11) | YES | | NULL | |
+----------+---------+------+-----+---------+----------------+
作者表上的行:
+----+------------+-----------------------+
| id | name | email |
+----+------------+-----------------------+
| 1 | Kevin Yank | thatguy@kevinyank.com |
| 2 | Joan Smith | joan@example.com |
+----+------------+-----------------------+
我真的不明白。
答案 0 :(得分:0)
您必须过滤ID为数字或Alpha。
<?php
if(isset($_POST['id'])){
//Replace your Code by Ajmal Praveen
$id = $_POST['id']; //If you Need filter? sanitize or i can help u
//PDO prepared statement against Sql injection and Speed
$sql = "SELECT name FROM author WHERE id = :id";
$s = $pdo->prepare($sql);
$s->bindValue(':id', $id);
$s->execute();
//fetching it
$result = $s->fetch(PDO::FETCH_ASSOC);
}
echo $result['id'];
echo $result['name'];
?>
你需要从db中获取什么
使用$result['bla bla']
答案 1 :(得分:0)
问题在于您如何在HTML中的值字段中打印ID:
<input type="hidden" name="id" value="
<?php echo $author['id'] ?>">
实际上会打印出以空格开头的ID,换行符和值中的缩进,因此您基本上会尝试匹配此查询:
SELECT name FROM author WHERE id = '
1'
修复HTML(我建议):
<input type="hidden" name="id" value="<?php echo $author['id'] ?>">
或者只是在您使用它时修剪该值:
$s->bindValue(':id', trim($_POST['id']));
我在你的问题中用原始代码尝试了这个,这确实为我修复了它。