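/**
 * Returns the employee rows shown on the user list.
 *
 * Selects employees whose status is not the bound value 1, whose
 * categorycode is '005' or '007', and whose employeecode is neither
 * '998' nor '999', ordered by employeecode. Uses the project helpers
 * get_connection(), bind_param() and error_exit() and the global
 * $db_access_info_daityo connection settings.
 *
 * NOTE(review): the select includes the password column, so every row
 * handed back carries it. Confirm callers need it (and that it holds a
 * hash, not a plain-text value) — otherwise drop it from the column list.
 *
 * @return array|false  Whatever pg_fetch_all() returns: a list of
 *                      associative rows, or (before PHP 8.0) false when
 *                      the query matched no rows.
 */
function list_users()
{
    $dbh = get_connection($GLOBALS['db_access_info_daityo']);
    if (!$dbh) {
        // $php_errormsg needed track_errors=On and was removed in PHP 8.0,
        // so the old "理由: ..." part of the message was always empty. The
        // driver detail goes to the server log; the page gets a generic
        // message instead of database internals.
        $last = error_get_last();
        error_log('list_users: get_connection failed'
            . ($last !== null ? ': ' . $last['message'] : ''));
        error_exit("データベースに接続できません。");
    }

    $sql = "select employeecode, employeenamekana, employeenamekanji, password, categorycode, inoutflag, email"
        . " from employee"
        . " where (status <> " . bind_param(1, PRAM_STRING) . ")"
        . " and categorycode in ('005', '007')"
        . " and (employeecode <> '998' and employeecode <> '999')"
        . " order by employeecode";

    $res = pg_query($dbh, $sql);
    if ($res === false) {
        // pg_last_error() is the supported way to get the failure reason;
        // it is logged rather than shown, for the same reason as above.
        error_log('list_users: query failed: ' . pg_last_error($dbh));
        error_exit("SQLの実行に失敗しました。");
    }

    return pg_fetch_all($res);
}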
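<?php
// Registers a new row in `usuarios` from the submitted form, then redirects
// to funcionarios.php.
//
// Reads nome, email and senha from $_POST. The debugging dump
// (echo '<pre>'; print_r($_POST)) is gone: it printed the submitted
// password in clear text into the response.

// Missing fields become '' instead of raising an undefined-index notice.
$nome       = isset($_POST['nome']) ? $_POST['nome'] : '';
$usuario    = isset($_POST['email']) ? $_POST['email'] : '';   // stored in the `usuario` column
$senhaPlain = isset($_POST['senha']) ? $_POST['senha'] : '';

// Unsalted sha1() is not a password hash. password_hash() (bcrypt by
// default) is; the login check has to use password_verify() against this
// column, and `senha` must be wide enough for the hash (VARCHAR(255)).
$senha = password_hash($senhaPlain, PASSWORD_DEFAULT);

// Raise mysqli failures as exceptions instead of returning false, so a
// failed prepare()/execute() cannot fall through to the redirect below.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli("127.0.0.1", "user", "pass", "database");

// Prepared statement: the three values travel as parameters, never
// concatenated into the SQL string.
$con = $mysqli->prepare("INSERT INTO usuarios (nome, usuario, senha) VALUES (?, ?, ?)");

// The original read `$nome > bind_param(...)` and `$con > execute()`: a bare
// bind_param() function does not exist, so that was a fatal error. The
// intended calls are "->" on the statement. Type letters: s = string.
$con->bind_param("sss", $nome, $usuario, $senha);
$con->execute();
$con->close();
$mysqli->close();

header('location:funcionarios.php');
// Without exit the script would keep running after the redirect header.
exit;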
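/**
 * Builds the SQL that replaces the "modify source" rows of one modification
 * entry in t_modify_source.
 *
 * Returns one DELETE that clears every row keyed by
 * (modify_id, tool_id, product_id), followed by one INSERT per entry of
 * $formData['modSourceInfo']. Every entry is written as a new row — there is
 * no update path. Nothing is executed here; the caller runs the statements
 * in order. (The old commented-out exists/update variant has been removed.)
 *
 * @param mixed $dbh      Database handle; not used by this function, kept for
 *                        the callers' signature.
 * @param array $formData Form data:
 *                        ['product_info'][FLD_PRODUCT_ID]  product id
 *                        ['modifyInfo'][FLD_MOD_ID]        modification no.
 *                        [FLD_TOOLTYPE_ID]                 tool id
 *                        ['modSourceInfo']                 array keyed by
 *                          modify_source_id, each with FLD_CLASS_NAME,
 *                          FLD_METHOD_NAME and FLD_SOURCE_COMMENT
 * @param array $user     Current user; $user[FLD_USER_ID] becomes editor_id.
 * @return string[]       SQL statements, DELETE first.
 *
 * Calls error_exit() (assumed not to return) when modify_id, tool_id or
 * product_id is not a digits-only string.
 */
function create_edit_source_info_sql($dbh, $formData, $user)
{
    $modifyInfo = $formData['modifyInfo'];
    $modID      = $modifyInfo[FLD_MOD_ID];
    $toolID     = $formData[FLD_TOOLTYPE_ID];
    $productID  = $formData['product_info'][FLD_PRODUCT_ID];

    // All three key values are emitted with PRAM_NOT_STRING, i.e. presumably
    // unquoted. The original validated only modify_id; tool_id and product_id
    // reached the DELETE's WHERE clause unchecked (what bind_param() does with
    // PRAM_NOT_STRING is not visible here), so they get the same digits-only
    // test. "\z" instead of "$" also rejects a trailing newline. If product or
    // tool ids can legitimately be non-numeric, relax those two checks.
    if (!preg_match('/^\d+\z/', (string) $modID)) {
        error_exit("修正表No.が不正です。");
    }
    if (!preg_match('/^\d+\z/', (string) $toolID)) {
        error_exit("ツールIDが不正です。");
    }
    if (!preg_match('/^\d+\z/', (string) $productID)) {
        error_exit("製品IDが不正です。");
    }

    $keyWhere = " where modify_id = " . bind_param($modID, PRAM_NOT_STRING)
        . " and tool_id = " . bind_param($toolID, PRAM_NOT_STRING)
        . " and product_id = " . bind_param($productID, PRAM_NOT_STRING);

    // Clear the current rows for this key first.
    $sqls = array("delete from t_modify_source" . $keyWhere);

    $modSourceInfo = isset($formData['modSourceInfo']) ? $formData['modSourceInfo'] : null;
    if (is_array($modSourceInfo)) {
        foreach ($modSourceInfo as $sourceID => $val) {
            // Every entry is inserted as a new row; the array key is the
            // modify_source_id.
            $sqls[] = "insert into t_modify_source"
                . " (modify_id, tool_id, product_id, modify_source_id"
                . ", class_name, method_name, source_comment, editor_id)"
                . " values ("
                . bind_param($modID, PRAM_NOT_STRING) . ","
                . bind_param($toolID, PRAM_NOT_STRING) . ","
                . bind_param($productID, PRAM_NOT_STRING) . ","
                . bind_param($sourceID, PRAM_STRING) . ","
                . bind_param($val[FLD_CLASS_NAME], PRAM_STRING) . ","
                . bind_param($val[FLD_METHOD_NAME], PRAM_STRING) . ","
                . bind_param($val[FLD_SOURCE_COMMENT], PRAM_STRING) . ","
                . bind_param($user[FLD_USER_ID], PRAM_STRING) . ")";
        }
    }

    return $sqls;
}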