参数传递(PHP)

Question

我试图在数据库中选择一条记录.我遇到了函数runSelect的问题(函数是选择数据库中的记录)我相信它可能与我如何在函数中传递我的变量有关.

    function select($pUserData){
        echo "I am in function select." . "<br/>";
        // Create the SQL query
        $sqlQuery = "SELECT * FROM tablName WHERE id= " . $pUserData[0];

        $con = openConnection();

        $result = $con->query($sqlQuery);

        $row = $result->fetch_row();

        echo "hello";

        echo "ID: " . $row[0] . "<br />";
        echo "First Name: " . $row[1] . "<br />";

        // Close connection
        closeConnection($con);          
    }                

    function openConnection() {
        $connection = new mysqli("localhost", "userName", "password", "databaseName");
        if ( mysqli_connect_errno() ) {
            echo "Error: Could not connect to database.  Please try again later. " . "<br/>";
        }

        echo "in openConnection" . "<br/>";         

        return $connection;
    }

    function closeConnection($pCon) {
        $pCon->close(); 
    }
    ?>

Answer 1

1. 您的代码对SQL注入开放...
2. 仅提供函数所需的数据,而不是整个输入数组.
3. 如果将来有多个查询,则为每个查询连接和断开连接都是低效的.让PHP在退出时与数据库断开连接,直到需要对其进行微控制(可能永远不会),并且您可以更好地管理资源.
4. 在程序开头用var_export或var_dump打印$ _POST的内容.
5. 在runSelect函数中打印$ result-> num_rows.

6. 像这样添加几行:

   echo '<p>' . __LINE__ . '</p>';