我想读取用户数据。但结果显示为
<块引用>试图绑定参数号 65536。SQL Server 支持的最大值 2100 个参数。
这是我的 login.php 代码(先用硬代码测试)
<?php
header("Content-type: application/json");
include_once 'Database.php';
include_once 'master.php';
//$username = $_GET['username'];
//$password = $_GET['password'];
$username = "angela123";
$password = "admin123";
// get database connection
$database = new Database();
$db = $database->getConnection();
$login = new Master($db);
$stmt = $login->Login($username, $password);
?>
这里是使用参数用户名和密码登录的功能
public function Login($username,$password)
{
// select all query
try {
$sqlsrvquery = ("
EXEC [dbo].[GetAllAdmin2]
@username = ':username',
@password = ':password',
");
// prepare query statement
$stmt = $this->conn->prepare($sqlsrvquery);
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$admin_arr = array(
"username" => $row['username'],
"password" => $row['password'],
);
}
if ($row = 0) {
$admin_arr = array(
"status" => false,
"message" => "Invalid Get Data Admin!",
);
}
} catch (Exception $e) {
print_r($e->getMessage());
}
print_r(json_encode($admin_arr));
}
这段代码发生了什么?实际上结果在带有 SP 的 SQL Server 上正常工作 这是登录SP
ALTER Procedure [dbo].[GetAllAdmin2]
(
@username varchar(55),
@password varchar(55)
)
as
begin
SELECT username, password
FROM Admin
WHERE username = @username and password = @password
and status = 'Active';
END
执行 SP 时,输出应显示用户名和密码
username password
angela123 admin123
这里是database.php
<?php
class Database
{
// specify your own database credentials
private $host = "DESKTOP-N550JK\SQLEXPRESS";
private $user = "sa";
private $database = "Library";
private $password = "sqlserver123";
public $conn;
// get the database connection
public function getConnection(){
try {
$this->conn = new PDO("sqlsrv:Server=" .$this->host . ";database=" . $this->database, $this->user, $this->password);
$this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $exception) {
echo "Connection error: " . $exception->getMessage();
die("Database Connection Error");
}
return $this->conn;
}
}
?>
有什么解决办法吗?谢谢
答案 0 :(得分:1)
您以错误的方式使用参数绑定,您需要删除占位符(:password
和 <?php
...
// Statement
$sqlsrvquery = "
EXEC [dbo].[GetAllAdmin2]
@username = :username,
@password = :password
";
$stmt = $this->conn->prepare($sqlsrvquery);
// Parameter bindings
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
// Statement execution
$stmt->execute();
...
?>
)周围的引号。如 documetation 中所述,语句模板可以包含零个或多个命名 (:name) 或问号 (?) 参数标记,在执行语句时将替换这些参数标记.
?
另一个示例,使用 <?php
...
// Statement
$sqlsrvquery = "
EXEC [dbo].[GetAllAdmin2]
@username = ?,
@password = ?
";
$stmt = $this->conn->prepare($sqlsrvquery);
// Parameter bindings
$stmt->bindParam(1, $username, PDO::PARAM_STR);
$stmt->bindParam(2, $password, PDO::PARAM_STR);
// Statement execution
$stmt->execute();
...
?>
参数标记:
public string s3DirectoryName = "myDirectory";
string filename = s3DirectoryName + "tes_folder" + "/" + "tes_file.pdf";