php - 如何从php页面传递参数值

Question

DELIMITER $$

DROP PROCEDURE IF EXISTS `users` $$
CREATE DEFINER=`root`@`localhost` PROCEDURE `users`(in id int(25))
BEGIN

    declare empcode varchar(25);

    set empcode=(select emp_code from transaction_user_register where t_reg_id=id);

    delete from transaction_user_register where t_reg_id=id and emp_code=empcode;

    update user_register set active='2' where reg_id=id and emp_code=empcode;


END $$

DELIMITER ;

如何从 php 页面传递 id....

我从 php 页面调用该过程
我不知道如何传递参数值...

我这样写页面

<? require_once"db.php";
echo $id = $_REQUEST['t_reg_id'];

$connt = mysql_connect($server1, $user1, $pass1, $dbname1) or die ("__construct() Function Problem => ". mysqli_error());
$resr= mysql_query($connt,"CALL users('$id')"); 
mysql_close($connt);




echo "Cron Job Run Succesfully........";

?>

Answer 1

由于您正在使用 mysqli 使用 prepared statements而不是插入查询字符串，这会使您的代码对 SQL 注入(inject)敞开大门。

话虽如此，您的代码可能看起来像这样

<?php
require_once('db.php');
$id = $_REQUEST['t_reg_id'];

$db = new mysqli($server1, $user1, $pass1, $dbname1);
if (!$db) {
    die('Could not connect: ' . $db->connect_error);
}
$stmt = $db->prepare('CALL users(?)');
if (!$stmt) {
    die('Prepare failed: ' . $db->error); 
}
$stmt->bind_param('i', $id); // that's assuming id is an integer value
if(!$stmt->execute()) {
    die('Execute failed: ' . $db->error);
}
$stmt->close()
$db->close();

...