Tags: php, sql-server, preg-replace
Answer (Sean):

You can use SQL parameters with PHP and MSSQL, have a look at: [link]

Your parameter values are escaped automatically without any work on your part.

You need to use the sqlsrv driver, see: [link]

Then replace all the mssql functions with sqlsrv functions; for a list of the functions and their usage, see the docs: [link]

Note that the order in which the array is built must match the order in which the ? placeholders appear in the query. Since only one parameter is used in each query, and they are the same, only one array needs to be built.

To get the row count, we also need to specify some query options (have a look at [link] and [link]).
Comments:

- Your code is vulnerable to attacks. Stop what you're doing until you understand them and how to avoid them.
- I didn't build this page, I'm just trying to fix it before a full site rebuild is done.
- It won't be "fixed" until the SQL injection vulnerability is removed. Right now someone could delete everything in the database just by doing a simple search.
- Possible duplicate of Alvaro's question.
- No, it's not a duplicate. I don't want to stop SQL injection, I want to know how to fix a query that doesn't like & and ".
- See my edit, I've also included links to the docs =]
- Thanks Sean, I'll give it a try... Sometimes I think SQL and PHP will be the death of me.
- Oh, they will, don't worry... ;] It's worth mentioning to whoever is in charge that using an MS SQL database together with PHP isn't exactly a match made in heaven. Better to use MySQL as the database, or .Net for the web application. Obviously I know it's almost never that simple, but it's worth mentioning anyway =]
- At the bottom of the first block of code you've got mssql_free_result($query); try changing that to sqlsrv_free_stmt($query). Docs: [link]
- OK, I think I've got the query working, but it's not printing the results. I think it has to do with for($i = 0; $i < $numofrows; $i++) { $row = mssql_fetch_array($query); if($i % 2) { print ''; } else { print ''; }
Question (the original code, using the mssql extension):

```php
<?php
$department = $_GET['dept'];
// This will evaluate to TRUE so the text will be printed.
if (isset($department)) {
    // $department is interpolated straight into the SQL string: this is the injection
    // the comments warn about, and also why a value containing & or " breaks the query.
    $query = mssql_query("SELECT * FROM directory WHERE Displayname = '$department' ORDER BY Lastname");
    //$query = mssql_query("SELECT * FROM directory WHERE department IN (SELECT id FROM departments WHERE name='$department') ORDER BY Lastname");
    $query2 = mssql_query(
        "SELECT TOP 1 directory.FirstName, directory.Lastname, directory.email,
         directory.phone, directory.office, directory.title, directory.displayname, departments.id AS dept_id, departments.name AS dept_name, departments.url AS dept_url
         FROM directory
         INNER JOIN departments on directory.displayname = departments.name
         WHERE directory.displayname = '$department'
         ORDER BY directory.LastName");
    $numofrows = @mssql_num_rows($query);
    // Check if there were any records
    if (!mssql_num_rows($query)) {
        echo 'No records found';
        echo '<br /><a href="/directory/">Go Back</a>';
    } else {
        // Department heading (TOP 1, so at most one row)
        while ($row1 = mssql_fetch_array($query2)) {
            $dept_var = $row1['dept_name'];
            $dept_id = $row1['dept_id'];
            $dept_url = $row1['dept_url'];
            print "<h3><a href=\"$dept_url\">$dept_var</a></h3>";
        }
        print "<table id=\"directory_table\" width=\"480\">
        <tr>
        <th>Name</th>
        <th>Email</th>
        <th>Phone</th>
        <th>Office</th>
        <th>Title</th>
        </tr>";
        // One table row per employee, with alternating background colours
        for ($i = 0; $i < $numofrows; $i++) {
            $row = mssql_fetch_array($query);
            if ($i % 2) {
                print '<tr bgcolor="#ffffff">';
            } else {
                print '<tr bgcolor="#eeeeee">';
            }
            print "<td>" . $row['Firstname'] . " " . $row['Lastname'] . " </td>";
            print "<td><a href=\"mailto:" . $row['email'] . "\">" . $row['email']. "</a> </td>";
            print "<td>" . $row['phone'] . " </td>";
            print "<td>" . $row['Office'] . " </td>";
            print "<td>" . $row['Title'] . " </td>";
            print "</tr>";
        }
        print "</table>";
    }
    // Free the query result
    mssql_free_result($query);
} else {
    print "No Search Defined";
}
?>
```
The asker's edited attempt with the sqlsrv driver (from the comments: the query runs, but nothing is printed):

```php
<?php
$serverName = "localhost"; //serverName\instanceName
$connectionInfo = array( "Database"=>"DACC", "UID"=>"daccweb", "PWD"=>"go");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
    echo "Connection established.<br />";
}else{
    echo "Connection could not be established.<br />";
    die( print_r( sqlsrv_errors(), true));
}
//$conn = sqlsrv_connect("connection string here");
//Selector links
print "<a href=\"/directory/\">Go back to main search</a><br />";
print "<u>Search for Employees:</u><br /><br />\n";
print "<br />";
//$officeloc = $_GET['building'];
$department = $_GET['dept'];
// This will evaluate to TRUE so the text will be printed.
if (isset($department)) {
    // One ? in each query and the same value for both, so a single one-element
    // array serves both queries. It must be built after $department is set.
    $queryParams = array($department);
    $query = sqlsrv_query($conn, "SELECT * FROM directory WHERE Displayname = ? ORDER BY Lastname", $queryParams);
    $query2 = sqlsrv_query($conn, "SELECT TOP 1 directory.FirstName, directory.Lastname, directory.email,
        directory.phone, directory.office, directory.title, directory.displayname,
        departments.id AS dept_id, departments.name AS dept_name, departments.url AS dept_url
        FROM directory
        INNER JOIN departments on directory.displayname = departments.name
        WHERE directory.displayname = ?
        ORDER BY directory.LastName", $queryParams);
    // sqlsrv_has_rows() returns a boolean, not a count, so $numofrows is true/false
    // here and the for loop below does not walk the result rows as intended.
    $numofrows = @sqlsrv_has_rows($query);
    // Check if there were any records
    if (!@sqlsrv_has_rows($query)) {
        echo 'No records found';
        echo '<br /><a href="/directory/">Go Back</a>';
    } else {
        while ($row1 = sqlsrv_fetch_array($query2)) {
            $dept_var = $row1['dept_name'];
            $dept_id = $row1['dept_id'];
            $dept_url = $row1['dept_url'];
            print "<h3><a href=\"$dept_url\">$dept_var</a></h3>";
            //echo "</h3><br />";
        }
        print "<table id=\"directory_table\" width=\"480\">
        <tr>
        <th>Name</th>
        <th>Email</th>
        <th>Phone</th>
        <th>Office</th>
        <th>Title</th>
        </tr>";
        for ($i = 0; $i < $numofrows; $i++) {
            $row = sqlsrv_fetch_array($query);
            if ($i % 2) {
                print '<tr bgcolor="#ffffff">';
            } else {
                print '<tr bgcolor="#eeeeee">';
            }
            print "<td>" . $row['Firstname'] . " " . $row['Lastname'] . " </td>";
            print "<td><a href=\"mailto:" . $row['email'] . "\">" . $row['email']. "</a> </td>";
            print "<td>" . $row['phone'] . " </td>";
            print "<td>" . $row['Office'] . " </td>";
            print "<td>" . $row['Title'] . " </td>";
            print "</tr>";
        }
        print "</table>";
    }
    // Free the query result
    sqlsrv_free_stmt($query);
} else {
    print "No Search Defined";
}
```
Answer's code:

```php
// The department value is bound as a parameter, and a buffered cursor is requested
// so that sqlsrv_num_rows() can return the row count. $department is $_GET['dept']
// as in the question; "connection string here" is a placeholder for your own settings.
$conn = sqlsrv_connect("connection string here");
$queryParams = array($department);
$queryOptions = array( "Scrollable" => "buffered" );
$query = sqlsrv_query($conn, "SELECT * FROM directory WHERE Displayname = ? ORDER BY Lastname", $queryParams, $queryOptions);
$query2 = sqlsrv_query($conn, "SELECT TOP 1 directory.FirstName, directory.Lastname, directory.email,
    directory.phone, directory.office, directory.title, directory.displayname,
    departments.id AS dept_id, departments.name AS dept_name, departments.url AS dept_url
    FROM directory
    INNER JOIN departments on directory.displayname = departments.name
    WHERE directory.displayname = ?
    ORDER BY directory.LastName", $queryParams, $queryOptions);
$numofrows = sqlsrv_num_rows($query);
```
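Putting the answer's two points together (bound parameters, and a buffered cursor so the row count is a real integer), here is a complete version of the department lookup as an added example; it is not code from the question or the answer. It assumes the `directory` and `departments` tables and column names used in the question, and the server, database and credentials are placeholders.

```php
<?php
// Added example (not from the question or answer): a parameterized directory
// lookup with the sqlsrv driver. Table/column names follow the question;
// the server, database and credentials below are placeholders.
$conn = sqlsrv_connect("SERVER_PLACEHOLDER", array("Database" => "DB_PLACEHOLDER",
    "UID" => "USER_PLACEHOLDER", "PWD" => "PASSWORD_PLACEHOLDER"));
if ($conn === false) { die(print_r(sqlsrv_errors(), true)); }

// Runs both lookups with $department bound as a parameter and returns
// array($departmentRow_or_null, $employeeRows, $rowCount).
function lookupDepartment($conn, $department)
{
    $params  = array($department);                 // exactly one ? in each query
    $options = array("Scrollable" => "buffered");  // buffered cursor: sqlsrv_num_rows() returns an int
    $dept = sqlsrv_query($conn, "SELECT TOP 1 id AS dept_id, name AS dept_name, url AS dept_url
        FROM departments WHERE name = ?", $params, $options);
    $stmt = sqlsrv_query($conn, "SELECT Firstname, Lastname, email, phone, Office, Title
        FROM directory WHERE Displayname = ? ORDER BY Lastname", $params, $options);
    if ($dept === false || $stmt === false) {
        die(print_r(sqlsrv_errors(), true));       // driver errors (bad SQL, lost connection)
    }
    $deptRow = sqlsrv_fetch_array($dept, SQLSRV_FETCH_ASSOC);
    $rows = array();
    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
        $rows[] = $row;
    }
    $count = sqlsrv_num_rows($stmt);
    sqlsrv_free_stmt($dept);
    sqlsrv_free_stmt($stmt);
    return array($deptRow, $rows, $count);
}

// Escape every database value before it is written into the HTML page.
function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }

if (!isset($_GET['dept']) || $_GET['dept'] === '') { exit("No Search Defined"); }
list($deptRow, $rows, $count) = lookupDepartment($conn, $_GET['dept']);
if ($count === 0) {
    print 'No records found<br /><a href="/directory/">Go Back</a>';
} else {
    if ($deptRow) { print "<h3><a href=\"" . h($deptRow['dept_url']) . "\">" . h($deptRow['dept_name']) . "</a></h3>"; }
    print "<table id=\"directory_table\" width=\"480\"><tr><th>Name</th><th>Email</th><th>Phone</th><th>Office</th><th>Title</th></tr>";
    foreach ($rows as $i => $row) {
        print (($i % 2) ? '<tr bgcolor="#ffffff">' : '<tr bgcolor="#eeeeee">');
        print "<td>" . h($row['Firstname']) . " " . h($row['Lastname']) . "</td><td><a href=\"mailto:" . h($row['email']) . "\">" . h($row['email']) . "</a></td>";
        print "<td>" . h($row['phone']) . "</td><td>" . h($row['Office']) . "</td><td>" . h($row['Title']) . "</td></tr>";
    }
    print "</table>";
}
```

Because the department name only ever travels as a bound parameter, a value containing & or " is looked up literally instead of altering the SQL, which is the problem the question started from.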