
I want to do the following with MySQLi statements or PDO, but I am running into a lot of errors on my server.

Please check the following example to see whether the code I wrote myself is secure and whether I can use it. I also hope the code below will help new MySQLi users at least learn how to get started with MySQLi:

<?php
$host = "localhost";
$username = "db_user";
$password = "db_pass";
$dbname = "db_name";
@ $db = mysqli_connect($host, $username, $password, $dbname);
if(mysqli_connect_errno())
{
    die("Connection could not be established");
}
$username = mysqli_real_escape_string($db, $_GET['user']);
$query = ("SELECT * FROM members WHERE profile='$username' ORDER BY id DESC LIMIT 1");
$result = mysqli_query($db, $query);
while($row = mysqli_fetch_array($result))
{
?>

PROFILE VIEW

   <br>Name: <?php echo $row['nombre']?> ID: <?php echo $row['Age']?> <br />

<?php
}
?>

Everything works fine. If anyone can make it more secure, I would be grateful.


1 Answer


I would go with this.

<?php
$host = "localhost";
$username = "db_user";
$password = "db_pass";
$dbname = "db_name";
$db = mysqli_connect($host, $username, $password, $dbname);
if(mysqli_connect_errno()) {
 die("Connection could not be established");
}
$username = $_GET['user'];
// The user value is bound as a parameter, so it never becomes part of the SQL text
$query = $db->prepare("SELECT * FROM `members` WHERE `profile` = ? ORDER BY `id` DESC LIMIT 1");
$query->bind_param('s', $username);
$query->execute();
// mysqli_stmt has no fetch_row(); fetch the result set (needs the mysqlnd driver)
// and read each row by column name
$result = $query->get_result();
while($row = $result->fetch_assoc()) { ?>

 <br />Name: <?php echo $row['nombre']; ?> ID: <?php echo $row['Age']; ?> <br /><?php
} ?>
answered 2014-01-13T10:52:54.973
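As an added example (not code from the question or the answer above), here is the same lookup written both ways the question asks about: with a MySQLi prepared statement, falling back to bind_result() on builds without mysqlnd's get_result(), and with PDO. It also HTML-escapes what is echoed, because binding parameters stops SQL injection but does nothing about values that end up in the page, and it turns driver errors into exceptions so a failed query cannot silently return false. The table and column names (`members`, `profile`, `id`, `nombre`, `Age`) are taken from the page; the credentials, the input pattern and the helper names `find_member_mysqli`, `find_member_pdo` and `render_member` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the question's or the answer's code. Credentials are placeholders.
$host   = "localhost";
$dbUser = "db_user";
$dbPass = "db_pass";
$dbName = "db_name";

// Throw mysqli_sql_exception instead of returning false and continuing.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// --- MySQLi variant ---------------------------------------------------------
function find_member_mysqli(mysqli $db, string $profile): ?array
{
    // The user-supplied value travels separately from the SQL text, so quotes,
    // backslashes or comment sequences in $profile cannot alter the statement.
    $stmt = $db->prepare(
        "SELECT `nombre`, `Age` FROM `members` WHERE `profile` = ? ORDER BY `id` DESC LIMIT 1"
    );
    $stmt->bind_param('s', $profile);
    $stmt->execute();

    if (method_exists($stmt, 'get_result')) {
        // mysqlnd driver: fetch a mysqli_result and read the row by column name
        $row = $stmt->get_result()->fetch_assoc();
        return ($row === null || $row === false) ? null : $row;
    }

    // libmysqlclient builds have no get_result(); bind the output columns instead
    $stmt->bind_result($nombre, $age);
    if (!$stmt->fetch()) {
        return null;
    }
    return ['nombre' => $nombre, 'Age' => $age];
}

// --- PDO variant ------------------------------------------------------------
function find_member_pdo(PDO $pdo, string $profile): ?array
{
    $stmt = $pdo->prepare(
        "SELECT `nombre`, `Age` FROM `members` WHERE `profile` = :profile ORDER BY `id` DESC LIMIT 1"
    );
    $stmt->execute([':profile' => $profile]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Output escaping --------------------------------------------------------
// A name such as <script>...</script> stored in the table would otherwise be
// echoed straight into the HTML (stored XSS); escape at the point of output.
function render_member(?array $row): string
{
    if ($row === null) {
        return "<p>No such profile</p>";
    }
    $e = static fn (mixed $v): string => htmlspecialchars((string) $v, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Name: {$e($row['nombre'])} ID: {$e($row['Age'])}</p>";
}

// Validate the input shape before it reaches the database. This is a sanity
// check on top of parameter binding, not a replacement for it (assumed pattern).
$profile = $_GET['user'] ?? '';
if (!is_string($profile) || !preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $profile)) {
    http_response_code(400);
    exit("Invalid profile name");
}

try {
    $db = new mysqli($host, $dbUser, $dbPass, $dbName);
    $db->set_charset('utf8mb4'); // keep client and server charsets in agreement
    echo render_member(find_member_mysqli($db, $profile));

    $pdo = new PDO("mysql:host=$host;dbname=$dbName;charset=utf8mb4", $dbUser, $dbPass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
    echo render_member(find_member_pdo($pdo, $profile));
} catch (mysqli_sql_exception | PDOException $ex) {
    // Log the driver message server-side; never echo it to the client.
    error_log($ex->getMessage());
    http_response_code(500);
    exit("Database error");
}
```

Either variant on its own is enough; they are shown together only to compare the two APIs. The `die("Connection could not be established")` pattern from the posts is replaced by the exception handler, which gives the same generic message to the client while keeping the real error in the server log.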