我有以下功能,我試圖從 SQL 注入中保護(hù),但我不斷收到錯(cuò)誤,有什么想法嗎?function get_main_info($application_id){ if (!isset($_SESSION)) session_start(); $conn = create_connection(); $user_id = $_SESSION['user_id']; $query = "SELECT * from application where id = :application_id and created_by= :user_id"; var_dump($application_id);die(); $row = $conn->query($query)->fetch(); $row->bindValue(':application_id', $application_id); $row->bindValue(':user_id', $user_id); return $row;}
1 回答
素胚勾勒不出你
TA貢獻(xiàn)1827條經(jīng)驗(yàn) 獲得超9個(gè)贊
請檢查以下是否對解決您的問題有意義:
function get_main_info($application_id){
if (!isset($_SESSION)) session_start();
$conn = create_connection();
$user_id = $_SESSION['user_id'];
/*
$query = "SELECT * from application where id = :application_id and created_by= :user_id";
var_dump($application_id);die();
$row = $conn->query($query)->fetch();
$row->bindValue(':application_id', $application_id);
$row->bindValue(':user_id', $user_id);
*/
$query = $conn->prepare("SELECT * from application where id = :application_id and created_by= :user_id");
$query->bindValue(':application_id', $application_id, PDO::PARAM_STR);
$query->bindValue(':user_id', $user_id, PDO::PARAM_STR);
$query->execute();
$row = $query->fetchAll();
return $row;
}
- 1 回答
- 0 關(guān)注
- 86 瀏覽
添加回答
舉報(bào)
0/150
提交
取消