im重写我所有的数据库查询,以便准备好它们,并使用PDO(在我使用mysqli之前),以便针对sql注入进行保存。现在我是PDO的新手,所以这可能是一个我没有看到的小错误,所以我希望你们能帮助我,因为这个代码不起作用。
<?php
function getUserBalance($steamid)
{
include 'settings.php';
$conn = new PDO("mysql:host="$servername";dbname="$dbname"", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = $conn->prepare("SELECT balance FROM users WHERE steamid= :steamid");
$stmt = $conn->prepare($sql);
$stmt->bind_param(":steamid", $steamid, PDO::PARAM_STR);
$stmt->execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
return $row['balance'];
}
}
$stmt->close();
?>
Okey,所以现在我把它改成了新的PDO("mysql:host=$servername;dbname=$dbname",$username,$password);,移动了$stmt->close();在函数(oops)中,并将bind_param更改为bindParam,Thx现在开始工作
<?php
include 'ChromePhp.php';
function getUserBalance($steamid)
{
include 'settings.php';
$db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT balance FROM users WHERE steamid= :steamid";
$stmt = $db->prepare($sql);
$stmt->bindParam(':steamid', $steamid, PDO::PARAM_STR);
$stmt->execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
return $row['balance'];
}
$stmt->close();
}
?>
更改此行
$conn = new PDO("mysql:host="$servername";dbname="$dbname"", $username, $password);
到此
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);