参数化sql查询
我有以下功能,我试图从 SQL 注入中保护,但我不断收到错误,有什么想法吗?
function get_main_info($application_id){
if (!isset($_SESSION)) session_start();
$conn = create_connection();
$user_id = $_SESSION['user_id'];
$query = "SELECT * from application where id = :application_id and created_by= :user_id";
var_dump($application_id);die();
$row = $conn->query($query)->fetch();
$row->bindValue(':application_id', $application_id);
$row->bindValue(':user_id', $user_id);
return $row;
}
Smart猫小萌浏览 89回答 1
1回答
-
素胚勾勒不出你
请检查以下是否对解决您的问题有意义:function get_main_info($application_id){ if (!isset($_SESSION)) session_start(); $conn = create_connection(); $user_id = $_SESSION['user_id']; /* $query = "SELECT * from application where id = :application_id and created_by= :user_id"; var_dump($application_id);die(); $row = $conn->query($query)->fetch(); $row->bindValue(':application_id', $application_id); $row->bindValue(':user_id', $user_id); */ $query = $conn->prepare("SELECT * from application where id = :application_id and created_by= :user_id"); $query->bindValue(':application_id', $application_id, PDO::PARAM_STR); $query->bindValue(':user_id', $user_id, PDO::PARAM_STR); $query->execute(); $row = $query->fetchAll(); return $row;}
随时随地看视频慕课网APP
PHP