下面的代码可以工作,但是如果我输入了一些组合,比如index.php?page_no(没有页面#),或者page_no=0(零即,但是page_no=1,上面的所有组合都可以工作),或者如果我在url中输入了19个以上的数字(比如22222222222222222222222)(在index.php?page_no=之后),我会得到以下类型的错误:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '5.55555555556E+19,5' at line 1' in
或
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-5,5' at line 1' in
我的代码如下:
分页:
<?php
class pager {
private $db;
function __construct($DB_con) {
$this->db = $DB_con;
}
public function dataview($query)
{
$stmt = $this->db->prepare($query);
$stmt->bindParam(passport, $_GET['passport'], PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount() > 0) {
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
?>
// some html here and some echo of columns
<?php
}
}
}
public function pagers($query,$records_per_page) {
$starting_position=0;
if(isset($_GET["page_no"])) {
$starting_position=($_GET["page_no"]-1)*$records_per_page;
}
$query2=$query." limit $starting_position,$records_per_page";
return $query2;
}
public function pagerslink($query,$records_per_page)
{
$self = $_SERVER['PHP_SELF'];
$stmt = $this->db->prepare($query);
$stmt->bindParam(passport, $_GET['passport'], PDO::PARAM_INT);
$stmt->execute();
$total_no_of_records = $stmt->rowCount();
if($total_no_of_records > 0)
{
?><tr><td colspan="7"><?php
$total_no_of_pages=ceil($total_no_of_records/$records_per_page);
$current_page=1;
if(isset($_GET["page_no"]))
{
$current_page=$_GET["page_no"];
}
if($current_page!=1) {
$previous =$current_page-1;
echo "<a href='".$self."?page_no=1'>First</a> ";
echo "<a href='".$self."?page_no=".$previous."'>Previous</a> ";
}
$x="";
for($i=1;$i<=$total_no_of_pages;$i++) {
if($i==$current_page) {
$x.= "<strong><a href='".$self."?page_no=".$i."'
style='color:red;text-decoration:none'>".$i."</a></strong> ";
}
elseif ($i>6 && $i!=$total_no_of_pages) {
$x.= ".";
}
else {
$x.= "<a href='".$self."?page_no=".$i."'>".$i."</a> ";
}
}
echo $x;
if($current_page!=$total_no_of_pages)
{
$next=$current_page+1;
echo "<a href='".$self."?page_no=".$next."'>Next</a> ";
echo
"<a href='".$self."page_no=".$total_no_of_pages."'>Last</a> ";
}
}
}
}
索引:
<?php
$query = "SELECT * FROM view-i-created ORDER BY passport DESC";
$records_per_page = 5;
$newquery = $pager->pagers($query,$records_per_page);
$pager->dataview($newquery);
$pager->pagerslink($query,$records_per_page);
?>
部分配置文件(我最近添加了第一行,但没有帮助):
$DB_con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
我已经连续几天24-7小时都在做这个了。直到几周前我自己偶然发现这个问题,我才知道自己有这个问题。
如果有人能在这里读到正确的方向,我将非常感激。谢谢!
最佳答案
乍一看,这似乎是同一问题的两个方面:SQL“LIMIT”命令的参数无效。
在一端,提供负值:
$starting_position=($_GET["page_no"]-1)*$records_per_page;
$query2=$query." limit $starting_position,$records_per_page";
当“page_no”为0时,则该限制将结束为“limit-5,5”,这是无效的。要解决此问题,请改用以下方法:
$limit_bounded = min(max(0, $starting_position), PHP_INT_MAX); // Bounded between 0 and PHP_INT_MAX, which is ~2147000000.
$query2=$query." limit $limit_bounded,$records_per_page";
在高端,您可能会看到整数溢出,或者只是使用太多字符作为限制的上限。
作为一个安全问题,您应该转义您在SQL查询中使用的参数,特别是当您从$GET接收到这些参数时,以便防止SQL注入(恶意用户可能会请求“'DROP TABLES”或类似于'page_no'的变量,并为您造成问题)
关于php - PDO语法或带有分页脚本的访问冲突错误,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/35460661/