如何使用mysqli清理用户搜索输入 [英] How to sanitize user search input using mysqli
本文介绍了如何使用mysqli清理用户搜索输入的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我刚刚开始学习mysqli并且不知道如何在我的旧项目中应用它..
所以这是我的代码:
i'm just starting to learn mysqli and don't know how to apply it in my old project..
so here is my code:
<?php
$sName = "***";
$conInfo = array( "Database"=>"***", "UID"=>"***", "PWD"=>"***");
$oconn = sqlsrv_connect( $sName, $conInfo);
if( !$oconn ) {
die( print_r( sqlsrv_errors(), true));
}
if(isset($_POST['searchimput'])) {
if(empty($_POST['coc_type'])){
echo 'Please Supply Policy type and search by field';
}
else {
$plateno = $_POST['searchimput'];
$coc_type = $_POST['coc_type'];
$searchBy =$_POST['filter'];
echo'<span class="sr-paregister2">';
echo 'POLICY TYPE : '.$coc_type;
echo "<br>\n";
switch ($searchBy) {
case "PLATE_NO":
echo "PLATE NUMBER : .".$plateno;
break;
case "SERIAL_NO":
echo "CHASSIS NUMBER :".$plateno;
break;
case "MOTOR_NO":
echo "MOTOR NUMBER :".$plateno;
break;
default:
echo "";
}
echo'</span>';
echo "<br>\n";
echo '<hr>';
$odsql =" select statement here ";
$ostmt = sqlsrv_query( $oconn, $odsql);
$row_count = sqlsrv_has_rows( $ostmt );
if ($row_count === false)
echo "No record found";
else
while( $value = sqlsrv_fetch_array( $ostmt,SQLSRV_FETCH_NUMERIC))
{
(do this......)
}
sqlsrv_free_stmt( $ostmt);
sqlsrv_close( $oconn);
}
}
?>
以及如何使用mysqli清理此代码?
谢谢
我尝试了什么:
我刚开始学习mysqli而不知道如何申请它在我的旧项目..
and also how do i sanitize this code using mysqli?
thanks
What I have tried:
i'm just starting to learn mysqli and don't know how to apply it in my old project..
推荐答案
sName = ***跨度>;
sName = "***";
conInfo = array( 数据库 => *** , UID => ***, PWD => ***);
conInfo = array( "Database"=>"***", "UID"=>"***", "PWD"=>"***");
oconn = sqlsrv_connect(
oconn = sqlsrv_connect(
这篇关于如何使用mysqli清理用户搜索输入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文