尝试更新以避免SQL注入
$codigo=$_POST['voucher'];
$resultado = mysql_query('SELECT * FROM vale WHERE codigo=''.$codigo.''');
$row=mysql_fetch_assoc($resultado);
对此...
$mysqli = new mysqli($host,$username,$passdb,$db_name);
$stmt = $mysqli->prepare('SELECT usuario,creditos FROM vale WHERE codigo=?');
$stmt->bind_param("s", $codigo);
$stmt->execute();
$stmt->bind_result($usuariocodigo,$creditoscodigo);
第一次有效,但脆弱,mysql_query是堕落的。第二个不会给出任何结果。尝试了一切。知道吗?
谢谢
$mysqli = new mysqli($host,$username,$passdb,$db_name);
$stmt = $mysqli->prepare('SELECT usuario,creditos FROM vale WHERE codigo=?');
$stmt->bind_param("s", $codigo);
$stmt->execute();
$result = $stmt->get_result();
$rows = $result->fetch_all(MYSQLI_ASSOC);
$stmt->free_result();
$stmt->close();
$rows将数据作为数组包含