我有以下功能,我试图从 SQL 注入中保护,但我不断收到错误,有什么想法吗?function get_main_info($application_id){ if (!isset($_SESSION)) session_start(); $conn = create_connection(); $user_id = $_SESSION['user_id']; $query = "SELECT * from application where id = :application_id and created_by= :user_id"; var_dump($application_id);die(); $row = $conn->query($query)->fetch(); $row->bindValue(':application_id', $application_id); $row->bindValue(':user_id', $user_id); return $row;}
1 回答
素胚勾勒不出你
TA贡献1827条经验 获得超9个赞
请检查以下是否对解决您的问题有意义:
function get_main_info($application_id){
if (!isset($_SESSION)) session_start();
$conn = create_connection();
$user_id = $_SESSION['user_id'];
/*
$query = "SELECT * from application where id = :application_id and created_by= :user_id";
var_dump($application_id);die();
$row = $conn->query($query)->fetch();
$row->bindValue(':application_id', $application_id);
$row->bindValue(':user_id', $user_id);
*/
$query = $conn->prepare("SELECT * from application where id = :application_id and created_by= :user_id");
$query->bindValue(':application_id', $application_id, PDO::PARAM_STR);
$query->bindValue(':user_id', $user_id, PDO::PARAM_STR);
$query->execute();
$row = $query->fetchAll();
return $row;
}
- 1 回答
- 0 关注
- 87 浏览
添加回答
举报
0/150
提交
取消