I have this error and tried various solutions on Stack Overflow and internet sites, but to no avail. I'm stuck since I can't think of any way to solve it.
Here's my code which generates the said error.
<?php
session_start();
$name = $_REQUEST['name'];
require 'config.php';
try {
    $db = new PDO($dsn, $username, $password);
    $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    $sth = $db->query("SELECT * FROM locations where name = '$name'");
    $locations = $sth->fetchAll();
    echo json_encode( $locations );
} catch (Exception $e) {
    echo $e->getMessage();
}
//header("Location: index.html?platemobnum=$platemobnum");
config.php
<?php
$server = "XXXXX";
$username = "XXX";
$password = "XXXXX";
$database = "Database";
$dsn = "mssql:host=$server;dbname=$database";
1 solution
#1
1
The following code will be valid, assuming your webserver can communicate with your database server and the credentials are correct. It uses a PDOStatement to prevent SQL injections.
<?php
session_start();
require 'config.php';
try {
    // create a new connection (verify that your web server can communicate with db server and validate credentials)
    $db = new PDO( $dsn, $username, $password );
    // throw exceptions on SQL errors so the catch block below actually sees them
    $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    // prepare a statement to prevent SQL injections
    $stmt = $db->prepare( "SELECT * FROM locations WHERE name = ?" );
    /* populate the arguments in your prepared statement.
       needs to be an array even though there is only one argument. */
    $stmt->execute( array( $_REQUEST['name'] ) );
    // fetch all results
    $locations = $stmt->fetchAll();
    // encode as JSON
    echo json_encode( $locations );
} catch (Exception $e) {
    // prints the driver error to the client, which helps while debugging;
    // once deployed, log it server-side and return a generic message instead
    echo $e->getMessage();
}
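The difference between the question's concatenated query and the answer's prepared statement, as an added example that is not part of the original post. It assumes the pdo_sqlite extension is available and uses a constructed in-memory table and constructed inputs in place of the MSSQL database and `$_REQUEST['name']`; `lookupConcatenated` and `lookupPrepared` are hypothetical helper names.

```php
<?php
// Added example: constructed in-memory data, not the asker's MSSQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE locations (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO locations (name) VALUES ('Depot A'), ('Depot B'), ('O''Brien Yard')");

// The question's pattern: the request value is pasted into the SQL text.
function lookupConcatenated(PDO $db, string $name): array
{
    $sth = $db->query("SELECT name FROM locations WHERE name = '$name'");
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// The answer's pattern: the SQL text is fixed and the value is bound separately.
function lookupPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT name FROM locations WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for $_REQUEST['name'].
$inputs = [
    'Depot A',        // ordinary value
    "O'Brien Yard",   // legitimate value that contains a quote
    "x' OR '1'='1",   // value that rewrites the WHERE clause when concatenated
];

foreach ($inputs as $name) {
    try {
        $concat = json_encode(lookupConcatenated($db, $name));
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    $prepared = json_encode(lookupPrepared($db, $name));
    printf("%-16s concatenated=%s prepared=%s\n", $name, $concat, $prepared);
}
```

With concatenation, the legitimate name containing a quote fails to parse and the third input matches every row; the prepared statement treats both as plain values to compare against `name`.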