使用PHP发布整个mySQL命令
I'm trying to create my own query form, so that I can create a table in my DB, update data, select data, and so on. I have a file test.php with the form on which I will type my commands in a textarea. It will send my query to submitquery.php which contains the exact following:
我正在尝试创建自己的查询表单,以便我可以在数据库中创建表,更新数据,选择数据等。我有一个文件test.php,其中我将在textarea中键入我的命令。它会将我的查询发送到submitquery.php,其中包含以下内容:
<?php
$con=mysqli_connect("host","user","pass","my_db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"$_POST['myquery']");
mysqli_close($con);
?>
this is the code I have in test.php:
这是我在test.php中的代码:
<form action="submitquery.php" method="post">
<textarea name="myquery" id="myquery"></textarea>
<input type="submit" name="submit" value="Submit">
</form>
but when I submit, I get "Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /public_html/admin/submitquery.php on line 9"
但是当我提交时,我得到“解析错误:语法错误,意外的T_ENCAPSED_AND_WHITESPACE,期望第9行的/public_html/admin/submitquery.php中的T_STRING或T_VARIABLE或T_NUM_STRING”
I'm not that great with PHP, I'm a very basic beginner. Could anyone please tell me what I'm doing wrong? Thanks!
我对PHP不太好,我是一个非常基础的初学者。谁能告诉我我做错了什么?谢谢!
2 个解决方案
#1
0
Do like this..
这样做..
<?php
$query=$_POST['myquery'];
$result = mysqli_query($con,$query);
mysqli_close($con);
?>
Well .. coming to your example.. What if i typed DROP TABLE yourtablename; ? You will lose all your table information.
嗯..来你的例子..如果我输入DROP TABLE yourtablename怎么办; ?您将丢失所有表格信息。
You need to check for SQL Injections... It's highly recommended to use Prepared Statements on PDO rather than doing like this.
您需要检查SQL注入...强烈建议在PDO上使用Prepared Statements而不是这样做。
更多相关文章
- mysqli类使用预处理语句不返回任何数据
- 使用/发送POST数据时的libcurl C问题(不是c++)
- laravel 框架自带表单验证
- PHP:在类中使用数据库
- 纯真ip数据库查询的php实现(补充分组查询)
- 添加到数据库后,保持在同一页面而不刷新它
- PHP 导出 万级别数据 时间测试
- AJAX学习之提交表单
- 数据库是存储我的Web应用程序数据的最佳选择吗?