我無法從這個mysql查詢獲得我想要的結果。我認爲麻煩在於這一行代碼:我怎樣才能使這個MySQL查詢工作,而不會得到空的結果?
$ group =「SELECT * from mybb_users where usergroup AND additionalgroups ='$ usergroup'」;
因爲我注意到數據庫中的additionalgroups列有多個用逗號(,)分隔的值,而用戶組只有一個值。下面是截圖:
這裏是圖像:http://i.imgur.com/UTbmX.jpg
整個代碼工作完美的,如果我從代碼中刪除additionalgroups列,只檢查用戶組列,但是這不是我想要的東西:(以下是整個代碼:
// Connect to server and select databse.
mysql_connect("$db_host", "$db_user", "$db_pass")or die("cannot connect to mysql");
mysql_select_db("$db_name")or die("cannot select DB");
$id=$_GET['lid']; // Get lid from URL
$usergroup =$_GET['game']; // Get the usergroup/game from the URL
// Check to see if the user is a VIP Member and fetch them.
$group="SELECT * from mybb_users where usergroup AND additionalgroups = '$usergroup'";
$group2=mysql_query($group) or die("Could not get users");
while($raw=mysql_fetch_array($group2))
{
// Fetch all UserIDs of the VIP members and match them with the UfID (in the userfields table)
$userid = $raw['uid'];
$group3="SELECT * from mybb_userfields where ufid = '$userid'";
$group4=mysql_query($group3) or die("Could not match userid");
while($raw=mysql_fetch_array($group4))
{
// assigns a lid from the vip members to the variable $lid
$lid = $raw['fid7'];
// Display the hash of the lid if it matches with the lid from the URL
if($lid == '')
{
}
elseif($lid == $id)
{
echo "[key]{$lid};";
}
else
{
}
}
}
'$ usergroup'直接來自用戶提供的輸入,但不會對其進行清理。請清理您的輸入:http://php.net/manual/en/function.mysql-real-escape-string.php –