我有这个 php 文件,我在其中发送一个名为 user_email 的变量,如下所示:
http:// * ** * ** * *** /android_connect/get_all_products.php?user_email="m"
通过我的 android 应用程序代码。
但是,即使它应该返回我一些数据,它也会从其他地方返回“未找到产品”!但是,如果我使用 test1 查询,它会返回正确的数据!我知道代码对 SQL 注入很有价值,但我必须做些什么来修复它?请帮助我真的需要这个!!!!!!!
<?php
/*
* Following code will list all the products
*/
// array for JSON response
$response = array();
$user_email = $_REQUEST['user_email'];
//echo $user_email;
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// get all products from products table
$test = "SELECT *FROM products WHERE user_email= '" . $user_email . "'";
//$test1= "SELECT * FROM products where user_email='m'" ;
//echo $test;
$result = mysql_query($test) or die(mysql_error());
// check for empty result
if (mysql_num_rows($result) > 0) {
// looping through all results
// products node
$response["products"] = array();
while ($row = mysql_fetch_array($result)) {
// temp user array
$product = array();
$product["pid"] = $row["pid"];
$product["firstname"] = $row["firstname"];
$product["lastname"] = $row["lastname"];
$product["email"] = $row["email"];
$product["phone"] = $row["phone"];
$product["address"] = $row["address"];
$product["created_at"] = $row["created_at"];
$product["updated_at"] = $row["updated_at"];
$product["user_email"] = $row["user_email"];
// push single product into final response array
array_push($response["products"], $product);
}
// success
$response["success"] = 1;
// echoing JSON response
echo json_encode($response);
} else {
// no products found
$response["success"] = 0;
$response["message"] = "No products found";
// echo no users JSON
echo json_encode($response);
}
?>