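I have been looking at the same code for hours, trying to figure out why my queries don't work. The two I have listed below are the two that aren't working.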
$getRequestIdQuery = "SELECT request_id
FROM request_table
WHERE request_key = '$requestKey'
AND sort_order = $so";
$getRequestId = $pdo->prepare($getRequestIdQuery);
$getRequestId->execute();
foreach($getRequestId as $idRow)
{
$requestId = $idRow['request_id'];
}
// This will update the ready status of the request id returned above
$updateReadyStatusQuery = "UPDATE request_table
SET request_ready = 1
WHERE request_id = $requestId";
$updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
$updateReadyStatus->execute();
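The above runs as long as a file copy returns true. I have already determined that it is being run, because the error logs shown above are displayed during every test run. I am also sure that the query in question works, because I have successfully run the query in phpMyAdmin (as it appears in the error log). The following is a snippet of code, just a few lines above, that runs properly: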
$checkForComposedQuery = "SELECT *
FROM composed_files
WHERE file_source_id = '$fsi'
AND file_number = '$fn'";
$checkForComposed = $pdo->prepare($checkForComposedQuery);
$checkForComposed->execute();
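Any tips on what might be causing this not to work? If it helps, both of the above snippets occur inside a foreach loop.
Thank you very much in advance.
Update:
The following contains the code incorporating the suggestions Charles added below: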
$gotCopied = copy($sourceHymnFile, $destHymnFile);
if ($gotCopied == true) {
error_log("The file has been successfully copied.");
$idRow;
$getRequestIdQuery = "SELECT request_id
FROM request_table
WHERE request_key = ?
AND sort_order = ?";
$getRequestId = $pdo->prepare($getRequestIdQuery);
$getRequestId->execute(array($requestKey, $so));
error_log("this is the value of request key : ".$requestKey);
// Displays correct $requestKey value
error_log("This is the value of sort order : ".$so);
// Displays correct $so value
$idRow = $getRequestId->fetch(PDO::FETCH_ASSOC);
$requestId = $idRow['request_id'];
error_log("This is the value of the request id : ".$requestId);
// No output in error log for $requestId above
// This will update the ready status of the request id returned above
$updateReadyStatusQuery = "UPDATE request_table
SET ready = 1
WHERE request_id = ?";
error_log("This updates the status of the song request if the song is played : ".$updateReadyStatusQuery);
$updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
$updateReadyStatus->execute(array($requestId));
}
The following runs correctly with constants entered:
if ($gotCopied == true) {
error_log("The file has been successfully copied.");
$idRow;
$getRequestIdQuery = "SELECT request_id
FROM request_table
WHERE request_key = ?
AND sort_order = ?";
$getRequestId = $pdo->prepare($getRequestIdQuery);
$getRequestId->execute(array(5, 2));
error_log("this is the value of request key : ".$requestKey);
error_log("This is the value of sort order : ".$so);
$idRow = $getRequestId->fetch(PDO::FETCH_ASSOC);
$requestId = $idRow['request_id'];
error_log("This is the value of the request id : ".$requestId);
// No output in error log for $requestId above
// This will update the ready status of the request id returned above
$updateReadyStatusQuery = "UPDATE request_table
SET ready = 1
WHERE request_id = ?";
error_log("This updates the status of the song request if the song is played : ".$updateReadyStatusQuery);
$updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
// This execute works correctly if a value is set for $requestId
$updateReadyStatus->execute(array($requestId));
}
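Answer 0 (score: 2)
There are two problems here.
First, placeholders and binding. Your code is vulnerable to SQL injection. PDO includes a tool that helps mitigate this threat.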
$getRequestIdQuery = "SELECT request_id
FROM request_table
WHERE request_key = ? -- new!
AND sort_order = ?";
$getRequestId = $pdo->prepare($getRequestIdQuery);
$getRequestId->execute(array($requestKey, $so));
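The ? in the query are placeholders. The array passed to execute provides a list of replacements for any placeholders. They are automatically escaped and quoted as needed.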
Second, you are retrieving the results incorrectly. You need to call the fetch method (or the fetchAll method) on the statement handle. For example:
$idRow = $getRequestId->fetch(PDO::FETCH_ASSOC);
$requestId = $idRow['request_id'];
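Note that there is no loop here. Your previous loop would have expected multiple results, but it overwrote the same variable on each iteration. It looks like you are only expecting one result, so you only need to worry about one.
We should also update your other queries to use placeholders.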
$updateReadyStatusQuery = "UPDATE request_table
SET request_ready = 1
WHERE request_id = ?";
$updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
$updateReadyStatus->execute(array($requestId));
... and your third ...
$checkForComposedQuery = "SELECT *
FROM composed_files
WHERE file_source_id = ?
AND file_number = ?";
$checkForComposed = $pdo->prepare($checkForComposedQuery);
$checkForComposed->execute(array($fsi, $fn));
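An added example, not part of the question or the answer above: the same SELECT-then-UPDATE with bound placeholders, plus a check for fetch() returning false, which is the case that leaves $requestId empty without any error. It assumes the pdo_sqlite extension and uses a constructed in-memory table; markRequestReady is a hypothetical helper name.

```php
<?php
// Constructed sample schema and rows in an in-memory SQLite database (assumption: pdo_sqlite is loaded).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // SQL errors throw instead of failing silently
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec("CREATE TABLE request_table (
    request_id    INTEGER PRIMARY KEY,
    request_key   TEXT    NOT NULL,
    sort_order    INTEGER NOT NULL,
    request_ready INTEGER NOT NULL DEFAULT 0)");
$pdo->exec("INSERT INTO request_table (request_key, sort_order) VALUES ('5', 2), ('6', 1)");

/**
 * Hypothetical helper: marks the matching request as ready.
 * Returns the request_id that was updated, or null when no row matched.
 */
function markRequestReady(PDO $pdo, string $requestKey, int $so): ?int
{
    $select = $pdo->prepare(
        "SELECT request_id FROM request_table WHERE request_key = ? AND sort_order = ?"
    );
    $select->execute([$requestKey, $so]);

    $idRow = $select->fetch();
    if ($idRow === false) {
        // fetch() returns false when no row matches; indexing it would yield an empty id.
        // json_encode makes stray whitespace visible and keeps the log entry on one line.
        error_log("No request for key=" . json_encode($requestKey) . " sort_order=" . $so);
        return null;
    }

    $update = $pdo->prepare("UPDATE request_table SET request_ready = 1 WHERE request_id = ?");
    $update->execute([$idRow['request_id']]);

    // rowCount() confirms the UPDATE actually touched a row.
    return $update->rowCount() === 1 ? (int) $idRow['request_id'] : null;
}

// Case 1: values that match a stored row.
var_dump(markRequestReady($pdo, '5', 2));
// Case 2: same key with a trailing newline, bound exactly as given.
var_dump(markRequestReady($pdo, "5\n", 2));
// Case 3: quote characters in the key are bound as data and never become SQL syntax.
var_dump(markRequestReady($pdo, "5' OR '1'='1", 2));
```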