-1

有人告诉我我的脚本容易受到攻击并将其更改为 PDO。我已经尝试过了,它正在工作,但在test.php页面的顶部显示如下。

Array ( [name] => matthew [email] => ''@aol.com [order] => shipped [status] => AU1776 )

如何在没有数组和所有字符的情况下一个接一个地呈现这些数据?

pdo 脚本:

<?php

$host=""; // Host name
    $username=""; // Mysql username
    $password=""; // Mysql password
    $db_name=""; // Database name
    $tbl_name="members"; // Table name

    $db = new PDO('mysql:host='.$host.
                      ';dbname='.$db_name.
                      ';charset=UTF-8',
                $username, $password);
    $stmt = $db->prepare('SELECT * FROM `members` WHERE `username`=:username LIMIT 1');


    print_r($result);
?>
4

1 回答 1

0

代替:

print_r($result);

用这个:

echo "The is: ".$result['name'].", and mail is: ".$result['email']." . Status: ".$result['status'];

- - - - - - 编辑 - - - - - - - - - -

要在输入类型文本上显示这些结果:

<input type="text" name="test" value="<?php echo $result['name']; ?>" />

------------ EDIT2---------

非常基本的例子:

<?php
 $email = "someone@exa mple.com";//change this line to $email = $_POST['textfield'];

 if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
   echo "E-mail is not valid"; //comment this echo and put a header(fail.html)
  }
 else
{
 echo "E-mail is valid"; //comment this echo and do al pdo stuff
}
?>
于 2013-04-30T13:59:51.147 回答