Php函数在PDO中不工作
我已经在旧的mysql中创建了一个函数,现在想将它传输到PDO,但它不起作用。这是我的新代码:Php函数在PDO中不工作,php,function,pdo,Php,Function,Pdo,我已经在旧的mysql中创建了一个函数,现在想将它传输到PDO,但它不起作用。这是我的新代码: global $host, $dbname, $user, $pass; $DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass); $STH = $DBH->query("SELECT SUM(score), SUM(score_from) FROM school_test_report, school_st
global $host, $dbname, $user, $pass;
$DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
$STH = $DBH->query("SELECT SUM(score), SUM(score_from) FROM school_test_report, school_students
WHERE (school_test_report.student_id = school_students.student_id
and school_test_report.class=school_students.class)
and school_test_report.student_id = '$student_id' and school_test_report.subject = '$subject'
and school_test_report.test_date >= '$thisarch'
")
$STH->setFetchMode(PDO::FETCH_ASSOC);
return $STH;
它输出:
$student_id = test_score_month($name, 'English');
echo $student_id['score'].'/'.$student_id['score_from'];
$student_id = test_score_month($name, 'English');
echo $student_id['score'].'/'.$student_id['score_from'];
下面是正在运行的旧代码:
$result1 = mysql_query("SELECT SUM(score), SUM(score_from) FROM school_test_report, school_students
WHERE (school_test_report.student_id = school_students.student_id
and school_test_report.class=school_students.class)
and school_test_report.student_id = '$student_id' and school_test_report.subject = '$subject'
and school_test_report.test_date >= '$thisarch'
")
or die(mysql_error());
$row = mysql_fetch_assoc($result1);
return $row;
它输出:
$student_id = test_score_month($name, 'English');
echo $student_id['score'].'/'.$student_id['score_from'];
$student_id = test_score_month($name, 'English');
echo $student_id['score'].'/'.$student_id['score_from'];
下面是一个例子,在模型类中用与用户相关的查询将所有函数包装起来,然后调用每个方法返回结果ect,看看函数/方法如何使用占位符
:student\u id
,然后bindParam将值转换为占位符,这只是一个例子,但会帮助您了解更多
<?php
class user_model{
private $db;
function __construct($host,$dbname,$user,$pass){
$this->dbhost = $host;
$this->dbname = $dbname;
$this->dbuser = $user;
$this->dbpass = $pass;
}
private function connect(){
if (!$this->db instanceof PDO){
$this->db = new PDO('mysql:dbname='.$this->dbname.';host='.$this->dbhost, $this->dbuser, $this->dbpass);
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
}
function user_test_score($student_id,$subject,$thisarch){
$this->connect();
$sql = "SELECT SUM(score) as score, SUM(score_from) FROM school_test_report, school_students
WHERE (school_test_report.student_id = school_students.student_id
AND school_test_report.class=school_students.class)
AND school_test_report.student_id = :student_id and school_test_report.subject = :subject
AND school_test_report.test_date >= :thisarch";
$statement = $this->db->prepare($sql);
$statement->bindParam(':student_id', $student_id, PDO::PARAM_INT);
$statement->bindParam(':subject', $subject, PDO::PARAM_STR);
$statement->bindParam(':thisarch', $thisarch, PDO::PARAM_STR);
$statement->execute();
return $statement->fetchAll(PDO::FETCH_ASSOC);
}
}
$usermodel = new user_model('localhost','YOURDB','username','password');
$student_id = $usermodel->user_test_score($name,'English',your_test_date_format);
print_r($student_id);
?>
定义“不工作”PDO::query
返回一个PDO语句
,而不是结果数组。您需要检查它是否真的是一个PDOStatement
(如果查询中有错误,它也可能是FALSE),并使用一个fetch函数(例如)来获取结果数组。仅仅因为您使用的是PDO并不能使您免受SQL注入攻击。您没有使用准备好的语句,没有使用占位符,也没有直接将外部数据插入查询字符串。享受你的数据库pwn3d。使用PDO的重点是准备好querys功能,如果你不打算使用它,你的脚本就像我告诉你的mysql_*功能一样容易受到sql注入的攻击,我是PDO新手,所以请帮助