-3

这是我的代码的一部分:

$sql = "select uid,connected,callerid2 from calls where uid = $uid;";
    $c = new dbConnect();
    $results = pg_query($c->pgConnect(), $sql);
    if (!$results)
    {
        die("Error in SQL query: " . pg_last_error());
    }

当我从 SSH 执行它时,会出现以下消息:

LINE 1: select uid,connected,callerid2 from calls where uid = ;

似乎$uid没有正确注射,但我不知道为什么。我也试过pg_prepare了,结果一样。我需要做些什么不同的事情?

4

4 回答 4

1
$sql = "select uid,connected,callerid2 from calls where uid = '" . (int)$uid . "'";
于 2013-03-21T15:14:54.623 回答
1
$sql = "select uid,connected,callerid2 from calls where uid = '" . $uid . "'";

并确保它$uid存在。

于 2013-03-21T14:32:52.260 回答
0
$query = sprintf("select uid,connected,callerid2 from calls where uid = '%s'", 
$uid); 
// Then run the query. 
$result = mysql_query($query);
于 2013-03-21T14:33:34.537 回答
-2

变量显然是空的。此外,不要混淆字符串和变量总是好的

$sql = "select uid,connected,callerid2 from calls where uid = " . $uid . ";";

如果$uid应该是字符串而不是整数,请用引号括起来:

$sql = "select uid,connected,callerid2 from calls where uid = '" . $uid . "';";
于 2013-03-21T14:31:49.293 回答