不从MySQL数据库中获取数据

时间:2015-07-07 18:40:28

标签: php mysql

我正在尝试从我的数据库中获取数据,但它没有给我任何输出。它只显示“所有费用”。我的代码如下:

<?php
        include 'preCode.php';
        include 'header.php';

        echo '<body><div class="standardLayout">';
        include 'systemMenu.php';
        echo '<h4>All Charges</h4>';

          $user = unserialize($_SESSION['user']);
          echo $query = "SELECT * FROM billingItems WHERE userID=' " . $user-> userID .  " ' ORDER BY deliveryTimestamp DESC"; 
          $result = mysqli_query($db, $query);
         while ($row = mysqli_fetch_array($result)) {

        echo  $row['type'] . '<br>' . 
                'Cost: $' . $row['amount'] . '<br>' . 
                ' Finalized: ' . $row['deliveryTimestamp']  ;

}
        echo '</div></body></html>';

        $_SESSION['user'] = serialize($user);
        include 'footer.html';
?>

以下是echo $query;的输出:

  

所有费用对象(用户)#2(11){[“orders”] =&gt; NULL [“fName”] =&gt; string(6)“kimmie”[“lName”] =&gt; string(4)“kaur”[“address”] =&gt; string(10)“6768bbnmmn”[“phone”] =&gt; string(11)“66767798898”[“email”] =&gt; string(6)“kimmie”[“userID”] =&gt; string(3)“108”[“password”] =&gt; string(4)“kaur”[“passwordX”] =&gt; NULL [“amountOwed”] =&gt; string(1)“0”[“zip”] =&gt; string(6)“768798”} SELECT * FROM billingItems WHERE userID ='108'ORDDER BY deliveryTimestamp DESC

1 个答案:

答案 0 :(得分:0)

我觉得你的查询构建是一个问题,因为这个

$query = "SELECT * FROM billingItems WHERE userID=' " . $user-> userID .  " ' ORDER BY deliveryTimestamp DESC";
如果ID是“bob”,

会给你这个。

SELECT * FROM billingItems WHERE userID=' bob ' ORDER BY deliveryTimestamp DESC

您在ID周围嵌入了空格,该空格与列的内容不匹配。

更安全的方法是使用预准备语句和绑定参数,这样就不会遇到这些类型的错误。它还可以保护您免受SQL注入。有关详细信息,请参阅此问题:How can I prevent SQL-injection in PHP?

相关问题
最新问题