在非对象中调用成员函数fetch（）(Call to a member function fetch() on a non

在非对象中调用成员函数fetch（）(Call to a member function fetch() on a non-object in)

我正在尝试使用pdo在php中进行选择。 它正在使用大量的req但不是在我使用类似的时候，例如：

查询：

SELECT * FROM projets WHERE `identifiantProjetRattachement` LIKE "%PC13287%" ORDER BY "identifiantProjetDSR"

这是我的PHP代码：

<?php function requette($requette,$table) { $bdd = new PDO('mysql:host=localhost;dbname=spb', 'root', ''); $sql = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='$table';"; $req = $bdd->query($sql); $titres = array(); while($resultat = $req->fetch()) { array_push($titres,$resultat['COLUMN_NAME']); } // ON A LES TITRES DONC ON PASSE AU CONTENU $sql = $requette; $req = $bdd->query($sql); $retour = ""; $cpt = 0; $nbLigne = 0; while($resultat = $req->fetch()) { $nbLigne++; $retour .= "<tr><td class='boutonTouteLaCase' onclick='surlignerLigneProjets(this);'></td><td>$nbLigne</td>"; for($cpt=0;$cpt<count($titres);$cpt++) { if($titres[$cpt] != "id") $retour .= "<td>".utf8_encode($resultat[$titres[$cpt]])."</td>"; } $retour .= "</tr>"; } echo $retour; } $requette = htmlentities($_POST['requette']); $table = htmlentities($_POST['table']); echo $requette."<br/>"; echo $table."<br/>"; echo requette($requette,$table);?>

你认为这是一个重音问题吗？ 或者由于'？ PS：这个req适用于phpmyadmin。 谢谢大家。

I'm trying to make a select in php with pdo. It's working with a lot of req but not when I'm using a like, example :

Query:

SELECT * FROM projets WHERE `identifiantProjetRattachement` LIKE "%PC13287%" ORDER BY "identifiantProjetDSR"

This is my php code :

<?php function requette($requette,$table) { $bdd = new PDO('mysql:host=localhost;dbname=spb', 'root', ''); $sql = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='$table';"; $req = $bdd->query($sql); $titres = array(); while($resultat = $req->fetch()) { array_push($titres,$resultat['COLUMN_NAME']); } // ON A LES TITRES DONC ON PASSE AU CONTENU $sql = $requette; $req = $bdd->query($sql); $retour = ""; $cpt = 0; $nbLigne = 0; while($resultat = $req->fetch()) { $nbLigne++; $retour .= "<tr><td class='boutonTouteLaCase' onclick='surlignerLigneProjets(this);'></td><td>$nbLigne</td>"; for($cpt=0;$cpt<count($titres);$cpt++) { if($titres[$cpt] != "id") $retour .= "<td>".utf8_encode($resultat[$titres[$cpt]])."</td>"; } $retour .= "</tr>"; } echo $retour; } $requette = htmlentities($_POST['requette']); $table = htmlentities($_POST['table']); echo $requette."<br/>"; echo $table."<br/>"; echo requette($requette,$table);?>

Do you think it's an accent problem ? Or a problem due to a ' ? PS : This req works on phpmyadmin. Thanks for all.

最满意答案

问题是您使自己的查询无效：

... $requette = htmlentities($_POST['requette']); $table = htmlentities($_POST['table']); echo $requette."<br/>"; echo $table."<br/>"; echo requette($requette,$table);

请注意，您正在使用htmlentities($requette) ，稍后您尝试运行该确切的查询：

$sql = $requette; $req = $bdd->query($sql);

该查询将如下所示：

SELECT * FROM projets WHERE identifiantProjetRattachement LIKE &quot;%PC13287%&quot; ORDER BY &quot;identifiantProjetDSR&quot;

对于你提到的例子。 查询无效。

因此，只有在将变量输出到屏幕时才应使用htmlentities() ，但不应更改变量本身：

// Don't do this: // $requette = htmlentities($_POST['requette']); // $table = htmlentities($_POST['table']); // just do this: echo htmlentities($requette)."<br/>"; echo htmlentities($table)."<br/>"; echo requette($requette,$table);

除此之外，我将假设您只能自己访问，因为您正在直接运行用户提供的SQL查询，因此如果未经授权的用户可以访问它，那将非常危险。

The problem is that you are invalidating your own queries:

... $requette = htmlentities($_POST['requette']); $table = htmlentities($_POST['table']); echo $requette."<br/>"; echo $table."<br/>"; echo requette($requette,$table);

Note that you are using htmlentities($requette) and later you try to run that exact query:

$sql = $requette; $req = $bdd->query($sql);

And that query will look like:

SELECT * FROM projets WHERE identifiantProjetRattachement LIKE &quot;%PC13287%&quot; ORDER BY &quot;identifiantProjetDSR&quot;

For the example that you mentioned. An invalid query.

So you should only use htmlentities() when you output your variable to the screen, but you should not change the variable itself:

// Don't do this: // $requette = htmlentities($_POST['requette']); // $table = htmlentities($_POST['table']); // just do this: echo htmlentities($requette)."<br/>"; echo htmlentities($table)."<br/>"; echo requette($requette,$table);

Apart from that I will assume that you only have access to this yourself as you are running user-provided sql queries directly so that would be very dangerous if an unauthorized user had access to that.