猿问

Parameterized SQL query

I have the following function that I am trying to protect against SQL injection, but I keep getting an error. Any ideas?


function get_main_info($application_id){

    if (!isset($_SESSION)) session_start();

    $conn = create_connection();

    $user_id = $_SESSION['user_id'];

    $query = "SELECT * from application  where id = :application_id and created_by= :user_id";

    var_dump($application_id);die();

    $row = $conn->query($query)->fetch();
    $row->bindValue(':application_id', $application_id);
    $row->bindValue(':user_id', $user_id);

    return $row;
}


Smart猫小萌
Views 89, Answers 1

1 answer

素胚勾勒不出你

Please check whether the following makes sense for solving your problem:

function get_main_info($application_id){
    if (!isset($_SESSION)) session_start();
    $conn = create_connection();
    $user_id = $_SESSION['user_id'];
    /*
    $query = "SELECT * from application  where id = :application_id and created_by= :user_id";
    var_dump($application_id);die();
    $row = $conn->query($query)->fetch();
    $row->bindValue(':application_id', $application_id);
    $row->bindValue(':user_id', $user_id);
    */
    // prepare() returns a PDOStatement; the placeholders are bound on that statement, not on a fetched row
    $query = $conn->prepare("SELECT * from application  where id = :application_id and created_by= :user_id");
    $query->bindValue(':application_id', $application_id, PDO::PARAM_STR);
    $query->bindValue(':user_id', $user_id, PDO::PARAM_STR);
    $query->execute();
    $row = $query->fetchAll();
    return $row;
}
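As an added, self-contained illustration (not code from the question or the answer above): the original error comes from calling bindValue() on the result of fetch(), which is an array or false, rather than on a PDOStatement; the version below uses prepare()/bindValue()/execute() against an in-memory SQLite database so it runs without MySQL, and it passes the user id in as a parameter instead of reading $_SESSION. The create_connection() helper and the table layout are assumptions made for this demo.

```php
<?php
// Added example: hypothetical create_connection() that builds an in-memory
// SQLite database with a constructed "application" table for demonstration.
function create_connection(): PDO {
    $conn = new PDO('sqlite::memory:');
    // Throw on errors rather than returning false, so a failed prepare()
    // or execute() cannot be mistaken for "no matching rows".
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $conn->exec('CREATE TABLE application (id INTEGER PRIMARY KEY, created_by INTEGER, title TEXT)');
    $conn->exec("INSERT INTO application VALUES (1, 10, 'alice app'), (2, 20, 'bob app')");
    return $conn;
}

// Same lookup as the question, with $user_id passed in instead of read from $_SESSION.
function get_main_info(PDO $conn, $application_id, $user_id) {
    // prepare() returns a PDOStatement; the SQL text is fixed here and the
    // placeholder values are sent separately when execute() runs.
    $stmt = $conn->prepare(
        'SELECT * FROM application WHERE id = :application_id AND created_by = :user_id'
    );
    // Both columns are integers, so cast and bind as integers; a non-numeric
    // string can never become part of the SQL, only a bound value.
    $stmt->bindValue(':application_id', (int) $application_id, PDO::PARAM_INT);
    $stmt->bindValue(':user_id', (int) $user_id, PDO::PARAM_INT);
    $stmt->execute();
    // One row as an associative array, or false when nothing matches.
    return $stmt->fetch();
}

$conn = create_connection();

// Legitimate lookup: user 10 reads their own application 1.
var_dump(get_main_info($conn, 1, 10));

// User 20 asking for application 1 gets false: the created_by check still applies.
var_dump(get_main_info($conn, 1, 20));

// A tampered id is treated as data, not SQL; the query shape cannot change,
// and the ownership check is still enforced for user 20.
var_dump(get_main_info($conn, '1 OR 1=1', 20));
```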