Okay, so I have a simple blog system that I'm setting up. Here's how it works:

… grabbed from the cookie)

1/2/2018:
blablablablablablablablablablablablablablabla
April 6, 2018 bdcpprbirv2brviov2ugtiog2rfip2rgui23rgu3riph2eirvph2v

I have a relatively good idea of how to do the submit page, but I'm having trouble with the view page. Here's my attempt (config.php included):

Veiw.php

```php
<?php
require('includes/config.php');
//SELECT * FROM blogs WHERE username LIKE '$query'
$username = intval($_GET['username']);
$results = mysql_query("SELECT * FROM blogs WHERE username=$username");
while ($row = mysql_fetch_array($results))
{
    $date = $row['date'];
    echo $date; //Outputs: 2
    $post = $row['post'];
    echo $post; //Outputs: 2
}
?>
```

config.php

```php
<?php
ob_start();
session_start();
//set timezone
date_default_timezone_set('America/New_York');
//database credentials
define('DBHOST','REDACTED');
define('DBUSER','REDACTED');
define('DBPASS','REDACTED');
define('DBNAME','REDACTED');
//application address
define('DIR','http://REDACTED/');
define('SITEEMAIL','REDACTED');
try {
    //create PDO connection
    $db = new PDO("mysql:host=".DBHOST.";charset=utf8mb4;dbname=".DBNAME, DBUSER, DBPASS);
    //$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);//Suggested to uncomment on production websites
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);//Suggested to comment on production websites
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch(PDOException $e) {
    //show error
    echo '<p class="bg-danger">'.$e->getMessage().'</p>';
    exit;
}
//include the user class, pass in the database connection
include('classes/user.php');
include('classes/phpmailer/mail.php');
$user = new User($db);
?>
```

I know config.php works, but my users testing it at URLs such as https://www.code-u.org/thecollective/veiw.php?username=REDACTED get back:

```
Warning: mysql_query(): No such file or directory in REDACTED/veiw.php on line 5
Warning: mysql_query(): A link to the server could not be established in REDACTED/veiw.php on line 5
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in REDACTED/veiw.php on line 6
```

Updated query:

```php
$username = intval($_GET['username']);
$results = $db->prepare("SELECT * FROM `blogs` WHERE `username` = '"$username"'");
$results->bindValue('username', intval($_GET['username']), PDO::PARAM_INT);
$results->execute();
while ($row = $results->fetch()) {
    echo nl2br ("\n");
    $date = $row['date'];
    echo $date;
    echo nl2br ("\n");
    $post = $row['post'];
    echo $post;
    echo nl2br ("\n ________________________________________________________________________");
}
```

It returns the page, but with no results.
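
Answer 0 (score: 0)

You establish the database connection with PDO in `config.php`, and then query with plain `mysql_query` in `view.php` (`mysql_query` has no access to the database details you gave to the PDO object).

(Side note: `mysql_query` is deprecated - removed in PHP 7 - so if you are learning PHP now, you should not use it.)

Here is how to query using the PDO object you created:

```php
// The SQL text contains only a named placeholder, never the request value itself
$results = $db->prepare('
    SELECT *
    FROM blogs
    WHERE username = :username
');
// The value is bound separately and sent to the server as data
$results->bindValue('username', intval($_GET['username']), PDO::PARAM_INT);
$results->execute();
while ($row = $results->fetch()) {
    $date = $row['date'];
    echo $date;
    $post = $row['post'];
    echo $post;
}
```

Using PDO over mysql_* queries is beneficial because (for one) it supports prepared statements (as shown above with the `bindValue` function), which means your queries will be protected from SQL injection even when using direct user input (as you are doing here).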
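
The contrast the answer describes, as an added example that is not part of the original answer: the same lookup built by string concatenation and as a prepared statement, run against a constructed in-memory SQLite table so it works offline. The schema, sample rows, function names and the choice to bind `username` as a string are assumptions.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: blogs(username TEXT, date TEXT, post TEXT); rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blogs (username TEXT, date TEXT, post TEXT)');
$db->exec("INSERT INTO blogs VALUES
    ('alice', '2018-01-02', 'first post'),
    ('bob',   '2018-04-06', 'second post')");

// Before: the request value is pasted into the SQL text, so a quote in it
// ends the string literal and the rest is parsed as part of the statement.
function postsConcatenated(PDO $db, string $username): array
{
    $sql = "SELECT date, post FROM blogs WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed and the value is bound as data.
// Assumption: username is text, so it is bound as a string;
// intval('alice') would be 0 and the name would be lost.
function postsPrepared(PDO $db, string $username): array
{
    $stmt = $db->prepare(
        'SELECT date, post FROM blogs WHERE username = :username'
    );
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in for $_GET['username'] containing a quote.
$input = "nobody' OR '1'='1";

printf("concatenated, crafted input: %d row(s)\n",
    count(postsConcatenated($db, $input)));
printf("prepared, crafted input:     %d row(s)\n",
    count(postsPrepared($db, $input)));
printf("prepared, 'alice':           %d row(s)\n",
    count(postsPrepared($db, 'alice')));
```

Comparing the three row counts shows whether the input was interpreted as SQL or matched as a literal user name.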