Php mysql pdo 查询:用查询结果填充变量

我有一个网站可以轻松生成 ProFTPD 用户.现在，我正在保护我的网站免受 sql 注入攻击，为此，我将所有 mysqli 查询更改为带有准备好的语句的 pdo 查询.

但是我还是没弄明白，如何将sql查询结果保存在变量中.

<预><代码>...用户名=$_POST['用户名'];...$pdo = new PDO('mysql:host=localhost;dbname='db', 'root', 'PW');$query1= $pdo->prepare('select * from users where userid=:username');$query1->execute(array('username' => $username));foreach($query1 作为 $row){$result= $row->userid;}if($result == $username){echo "用户名已被占用";}

当我运行这段代码时，变量 $result 是 emtpy.

我希望有人能帮助我.

提前致谢.

解决方案

你应该使用 PDOStatement::fetch http://php.net/manual/en/pdostatement.fetch.php

I have a website to easily generate ProFTPD users. And now, I am securing my website against sql injection attacks, to do that I am changing all mysqli queries to pdo queries with prepared statements.

But I still couldn't find out, how to save sql query results in variable.

.
.
.

username=$_POST['username'];

.
.
.

$pdo = new PDO('mysql:host=localhost;dbname='db', 'root', 'PW');
$query1= $pdo->prepare('select * from users where userid=:username');
$query1->execute(array('username' => $username));

foreach($query1 as $row)
{
 $result= $row->userid;
}


if($result == $username)
{
 echo "Username is already taken";
}

When I run this code, the variable $result is emtpy.

I hope somebody could help me.

Thanks in advance.

解决方案

You should use PDOStatement::fetch http://php.net/manual/en/pdostatement.fetch.php