我为自己的网站更改了php代码,因为我需要使用更多的安全性。我从示例中读取了很多有关此的消息,但不幸的是它不起作用。没有数据库的结果,没有错误
之前(工作正常)
连接php
<?php
try {
$db = new PDO('mysql:host=localhost;dbname=belam647807; charset=utf8','root','root'); }
catch(Exception $e) {die('Erreur : '.$e->getMessage());}
?>
选择代码
<?php $nbPage = ceil($total/$perPage);
if(isset($_GET['page']) && !empty($_GET['page']) && ctype_digit($_GET['page']) == 1){
if ($_GET['page'] > $nbPage) {
$page = $nbPage;
}else{
$page = $_GET['page'];
}
}else{
$page = 1;
}
$first = ($page-1)*$perPage;
$reponse = $db->query("SELECT * FROM profils ORDER BY id DESC LIMIT $first, $perPage" );
while ($donnees = $reponse->fetch())
{
?>
更改PDO后
连接php
<?php
$db = new PDO('mysql:host=localhost;dbname=test, charset=utf8', 'root', 'root');
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
选择代码
<?php $nbPage = ceil($total/$perPage);
if(isset($_GET['page']) && !empty($_GET['page']) && ctype_digit($_GET['page']) == 1){
if ($_GET['page'] > $nbPage) {
$page = $nbPage;
}else{
$page = $_GET['page'];
}
}else{
$page = 1;
}
$first = ($page-1)*$perPage;
$reponse = $db->prepare("SELECT * FROM profils ORDER BY id DESC LIMIT $first, $perPage" );
$reponse->execute();
while ($donnees = $reponse->fetch(PDO::FETCH_ASSOC)){
?>
答案 0 :(得分:0)
从prepare语句中删除变量并绑定值。
$sql = "SELECT * FROM profils ORDER BY id DESC LIMIT :first, :perPage";
$sth = $db->prepare($sql);
$sth->bindValue(':first', $first);
$sth->bindValue(':perPage', $perPage);
if ($sth->execute()) {
if ($sth->rowCount() > 0) {
$data = $sth->fetch(PDO::FETCH_ASSOC);
}
}
print_r($data);