0

我正在使用 MySQL 从表中获取数据,但它显示异常。这是我正在使用的代码。我使用 URL 调用它来测试:

    $userName=mysql_real_escape_string($_GET['userName']);
    $query = mysql_query("SELECT * FROM UserCredentials where UserName='$userName' ");

http://celeritas-solutions.com/pah_brd_v1/productivo/getUserData.php?userName=jamshaid.ali

这是例外

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/i/h/u/ihus235/html/cs/pah_brd_v1/productivo/getUserData.php on line 74 []

这是完整的代码

   $userName=mysql_real_escape_string($_GET['userName']);

   $query = mysql_query("SELECT * FROM UserCredentials Where UserName='$userName' ");


    $rows = array();
    while($row = mysql_fetch_assoc($query)) {
    $rows[] = $row;
    }
    echo json_encode($rows);
     ?>
4

2 回答 2

0

一些建议——

使用isset(),比如——

if(isset($_GET['userName'])) {
// Do the processing, most appropriate check whether form is submitted or not
}

现在你的代码看起来像 -

// Sanatize 数据,并确保保护您的代码免受 sql 注入(首选 PDO 或 mysqli_)

   if(isset($_GET['userName'])) {

   $userName=mysql_real_escape_string($_GET['userName']);
   $sql = "SELECT * FROM UserCredentials Where UserName='".$userName."'";
   $query = mysql_query($sql, $conn) or die(mysql_error());

    $rows = array();
    while($row = mysql_fetch_assoc($query)) {
    $rows[] = $row;
    }
    echo json_encode($rows);

   }
 ?>

echo$sql;并运行它phpmyadmin以检查您的查询是否正确形成,使用 var_dump() 并读取错误/警告/通知来跟踪错误。

于 2013-06-21T10:03:46.153 回答
0 
$query = sprintf("SELECT * FROM UserCredentials where UserName='%s'",mysql_real_escape_string($_GET['userName']));
$result = mysql_query($query);
if(result){
   //do you code
}
于 2013-06-21T09:53:50.680 回答