I am using MySQL to get data from table but it shows an exception. Here is the code I am using. I am calling this using URL to test:
我使用MySQL从表中获取数据,但它显示异常。这是我正在使用的代码。我用URL测试这个:
$userName=mysql_real_escape_string($_GET['userName']);
$query = mysql_query("SELECT * FROM UserCredentials where UserName='$userName' ");
http://celeritas-solutions.com/pah_brd_v1/productivo/getUserData.php?userName=jamshaid.ali
Here is the exception
这是例外
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/i/h/u/ihus235/html/cs/pah_brd_v1/productivo/getUserData.php on line 74 []
Here is the full code
这是完整的代码
$userName=mysql_real_escape_string($_GET['userName']);
$query = mysql_query("SELECT * FROM UserCredentials Where UserName='$userName' ");
$rows = array();
while($row = mysql_fetch_assoc($query)) {
$rows[] = $row;
}
echo json_encode($rows);
?>
2 个解决方案
#1
0
$query = sprintf("SELECT * FROM UserCredentials where UserName='%s'",mysql_real_escape_string($_GET['userName']));
$result = mysql_query($query);
if(result){
//do you code
}
#2
0
Some suggestions -
一些建议 -
Use isset() , like --
使用isset(),如 -
if(isset($_GET['userName'])) {
// Do the processing, most appropriate check whether form is submitted or not
}
Now your code will looks like-
现在您的代码看起来像 -
// Sanatize the data, and make sure to safe your code from sql injections(prefer PDO or mysqli_)
//对数据进行Sanatize,并确保从sql注入中保护您的代码(更喜欢PDO或mysqli_)
if(isset($_GET['userName'])) {
$userName=mysql_real_escape_string($_GET['userName']);
$sql = "SELECT * FROM UserCredentials Where UserName='".$userName."'";
$query = mysql_query($sql, $conn) or die(mysql_error());
$rows = array();
while($row = mysql_fetch_assoc($query)) {
$rows[] = $row;
}
echo json_encode($rows);
}
?>
echo $sql; and run it in phpmyadmin to check your query is forming correctly or not, use var_dump() and read error/warning/notices to track errors.
echo $ sql;并在phpmyadmin中运行它以检查您的查询是否正确形成,使用var_dump()并读取错误/警告/通知来跟踪错误。
#1
0
$query = sprintf("SELECT * FROM UserCredentials where UserName='%s'",mysql_real_escape_string($_GET['userName']));
$result = mysql_query($query);
if(result){
//do you code
}
#2
0
Some suggestions -
一些建议 -
Use isset() , like --
使用isset(),如 -
if(isset($_GET['userName'])) {
// Do the processing, most appropriate check whether form is submitted or not
}
Now your code will looks like-
现在您的代码看起来像 -
// Sanatize the data, and make sure to safe your code from sql injections(prefer PDO or mysqli_)
//对数据进行Sanatize,并确保从sql注入中保护您的代码(更喜欢PDO或mysqli_)
if(isset($_GET['userName'])) {
$userName=mysql_real_escape_string($_GET['userName']);
$sql = "SELECT * FROM UserCredentials Where UserName='".$userName."'";
$query = mysql_query($sql, $conn) or die(mysql_error());
$rows = array();
while($row = mysql_fetch_assoc($query)) {
$rows[] = $row;
}
echo json_encode($rows);
}
?>
echo $sql; and run it in phpmyadmin to check your query is forming correctly or not, use var_dump() and read error/warning/notices to track errors.
echo $ sql;并在phpmyadmin中运行它以检查您的查询是否正确形成,使用var_dump()并读取错误/警告/通知来跟踪错误。