$customer= $_GET['customer'];
// Prepare the query that will be executed
$stmt = $pdo->prepare("SELECT codes.customer AS customer
, codes.views AS views, order.plan AS plan
FROM codes INNER JOIN order ON codes.customerid=order.id
WHERE codes.customer = $𝐜𝐮𝐬𝐭𝐨𝐦𝐞𝐫");
$stmt->execute();
上面的代码显示错误。如何获取codes.customer = Rahul的特定行的数据。
您正在使用预准备语句,这是防止可能的 SQL 注入攻击的方法。但一种方法如下:
$stmt = $pdo->prepare("SELECT codes.customer AS customer,
codes.views AS views, order.plan AS plan
FROM codes INNER JOIN order ON codes.customerid=order.id
WHERE codes.customer = :𝐜𝐮𝐬𝐭𝐨𝐦𝐞𝐫");
$stmt->bindValue(":customer", $customer, PDO::PARAM_STR);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC); /* fetch all rows */
/* or $row = $stmt->fetch(PDO::FETCH_ASSOC); */ /* fetch one row */
foreach($rows as &$row) {
echo 'customer = ', $row['customer'], ', views = ', $row['views'], ', plan = ', $row['plan'], "n";
}