1. 首頁
  2. 問答
  3. Php函數不能在PDO中工作

Php函數不能在PDO中工作

2012-05-27 179 views
-1

我已經在舊的mysql中做了一個函數,現在想把它轉移到PDO,但它不工作。這是我的新代碼:Php函數不能在PDO中工作

global $host, $dbname, $user, $pass; 
    $DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass); 
    $STH = $DBH->query("SELECT SUM(score), SUM(score_from) FROM school_test_report, school_students 
    WHERE (school_test_report.student_id = school_students.student_id 
    and school_test_report.class=school_students.class) 
    and school_test_report.student_id = '$student_id' and school_test_report.subject = '$subject' 
    and school_test_report.test_date >= '$thisarch' 
           ") 
    $STH->setFetchMode(PDO::FETCH_ASSOC); 
    return $STH;

它輸出:

$student_id = test_score_month($name, 'English'); 
echo $student_id['score'].'/'.$student_id['score_from'];

這裏是一個正在工作的舊代碼:

$result1 = mysql_query("SELECT SUM(score), SUM(score_from) FROM school_test_report, school_students 
    WHERE (school_test_report.student_id = school_students.student_id 
    and school_test_report.class=school_students.class) 
    and school_test_report.student_id = '$student_id' and school_test_report.subject = '$subject' 
    and school_test_report.test_date >= '$thisarch' 
           ") 
    or die(mysql_error()); 
    $row = mysql_fetch_assoc($result1); 
return $row;

它輸出:

$student_id = test_score_month($name, 'English'); 
echo $student_id['score'].'/'.$student_id['score_from'];

來源

2012-05-27 Harinder

+0

定義「不工作」。 'PDO :: query'返回'PDOStatement',而不是結果數組。你需要檢查它是否真的是'PDOStatement'(如果查詢中有錯誤,它也可能是FALSE),並使用其中一個提取函數,例如['$ STH-> fetch()']( http://us.php.net/manual/en/pdostatement.fetch.php)來獲得結果數組。 – DCoder

+0

僅僅因爲您使用的是PDO,並不會使您免受SQL注入攻擊。您不使用預準備語句,不使用佔位符,並將外部數據直接插入到查詢字符串中。享受你的數據庫pwn3d。 –

+0

使用PDO的要點是準備querys功能,如果你不打算使用它,你的腳本就像mysql_ *函數一樣容易受到sql注入的影響 –

回答

1

Heres就是一個例子,將你所有的功能都包含在內你在模型類中與你的用戶相關的查詢,然後調用每個方法返回你的結果等,看看函數/方法如何使用佔位符:student_id然後bindParam的值給佔位符,這只是一個例子,但會幫助你理解更多。

<?php 
class user_model{ 

    private $db; 

    function __construct($host,$dbname,$user,$pass){ 
     $this->dbhost = $host; 
     $this->dbname = $dbname; 
     $this->dbuser = $user; 
     $this->dbpass = $pass; 
    } 

    private function connect(){ 
     if (!$this->db instanceof PDO){ 
      $this->db = new PDO('mysql:dbname='.$this->dbname.';host='.$this->dbhost, $this->dbuser, $this->dbpass); 
      $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     } 
    } 

    function user_test_score($student_id,$subject,$thisarch){ 
     $this->connect(); 
     $sql = "SELECT SUM(score) as score, SUM(score_from) FROM school_test_report, school_students 
       WHERE (school_test_report.student_id = school_students.student_id 
       AND school_test_report.class=school_students.class) 
       AND school_test_report.student_id = :student_id and school_test_report.subject = :subject 
       AND school_test_report.test_date >= :thisarch"; 
     $statement = $this->db->prepare($sql); 
     $statement->bindParam(':student_id', $student_id, PDO::PARAM_INT); 
     $statement->bindParam(':subject', $subject, PDO::PARAM_STR); 
     $statement->bindParam(':thisarch', $thisarch, PDO::PARAM_STR); 
     $statement->execute(); 
     return $statement->fetchAll(PDO::FETCH_ASSOC); 
    } 

} 


$usermodel = new user_model('localhost','YOURDB','username','password'); 

$student_id = $usermodel->user_test_score($name,'English',your_test_date_format); 

print_r($student_id); 
?>

來源

2012-05-27 15:32:53

相關問題

 相關問題