PHP无法执行格式正确的posqtgresql句子 [英] php does not execute a well formed posqtgresql sentence

问题描述

我有此代码：

$dbconn = pg_connect("host=localhost dbname=dbbase user=postgres password=postgres") or die('Connection error: ' . pg_last_error());
$qstation ="SELECT id FROM st WHERE string ='".$string."'";
$rstation = pg_query($dbconn,$qstation) or die('Query error: ' . pg_last_error());

echo $qstation;

这显示了我

SELECT id FROM st WHERE string='A_AA_00_00_A'

pgadmin3，它将返回结果。

if i execute it on pgadmin3, it returns me the result.

但是如果我尝试这样做

print_r(pg_fetch_array($rstation, null, PGSQL_ASSOC));

我没有错误，并且print_r（）不会返回任何东西。

i have no erros and print_r() does not return me anything.

如果我使用'A_AA_00_00_A'更改$ string变量，则

if i change the $string variable with 'A_AA_00_00_A'

$qstation ="SELECT id FROM st WHERE string='A_AA_00_00_A'";

语句右执行，print_r（）返回数据

the sentence executes right and print_r() returns data

Array ( [id] => 10 )

我在做什么错？

推荐答案

您确实应该在此处使用参数化语句，尽管我认为没有理由认为这是在这种情况下的问题。使用PDO或 pg_query_params 。参见 http://bobby-tables.com ，谷歌 SQL注入，有关SQL注入的PHP手册。

You really should be using parameterized statements here, though I see no reason to think that's the problem in this specific case. Use PDO, or pg_query_params. See http://bobby-tables.com, google "SQL injection", PHP manual on SQL injection.

在这种情况下，您确实需要查看PostgreSQL服务器错误日志以确定查询是否完全到达PostgreSQL，如果是，则查询是否因错误而失败。

In a case like this you really need to look at the PostgreSQL server error logs to determine whether the query is reaching PostgreSQL at all, and if it is, whether it's failing with an error.

您似乎还没有正确检查PHP代码中的错误。使用 pg_result_status 测试错误，然后 pg_result_status 以获取错误详细信息。

You also appear to be failing to properly check for errors in your PHP code. Use pg_result_status to test for an error, and pg_result_status to get error specifics.

$rstation = pg_query($dbconn,$qstation) or die('Query error: ' . pg_last_error());
if (pg_result_status($rstation) != PGSQL_TUPLES_OK) {
    $errmsg = pg_result_error($rstation);
    # ... report error to user or handle it ...
}

您可能还希望查看 pg_result_error_field 用于特定的错误字段。

You might also want to look at pg_result_error_field for specific error fields.

这篇关于PHP无法执行格式正确的posqtgresql句子的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！