Php 从ajax请求调用mysqli分离类返回空错误
我必须在我的php Wordpress插件中执行一些查询。因此,我创建了一个seaprate类文件,其中存储了后面的逻辑Php 从ajax请求调用mysqli分离类返回空错误,php,ajax,wordpress,mysqli,Php,Ajax,Wordpress,Mysqli,我必须在我的php Wordpress插件中执行一些查询。因此,我创建了一个seaprate类文件,其中存储了后面的逻辑 class Table{ static $host = 'localhost'; static $db_name = 'somedb'; static $db_username = 'someuser'; static $db_password = 'somepass'; private $table; private $fields; public function _
class Table{
static $host = 'localhost';
static $db_name = 'somedb';
static $db_username = 'someuser';
static $db_password = 'somepass';
private $table;
private $fields;
public function __construct($table, $fields){
$this->db_name = $this->db_name;
$this->host = $this->host;
$this->db_password = db_password;
$this->db_username = db_username;
$this->table = $table;
$this->fields = $fields;
}
public static function query($table, $fields){
$mysqli = new mysqli(Table::$host,Table::db_username,Table::db_password,Table::db_name);
if (mysqli_connect_errno($mysqli)) {
return "Failed to connect to MySQL: " . mysqli_connect_error();
}
$fields = implode(",", $fields);
$result = $mysqli->query("SELECT" . $fields . " from " . $table);
while($row = $result->fetch_assoc()){
$rows[] = $row;
}
$result->free();
$mysqli->close();
return $rows;
}
$zips = Table::query("GeoPC_MA", array('city','zip'));
请帮助我您应该使用apache错误日志SO$result=$mysqli->querySELECT$领域。从$桌子请在SELECT之后查看空格,否则您将从中获得SELECTcity,zip。您很容易受到注入攻击,尤其是当调用看起来像这样时:Table::query'foo',['*from user;-'];非常感谢您的apache日志技巧。问题是在静态变量中,当我调用它们时,忘记了放$符号。请问Elias我如何保护我的代码不被PHP注入?