我怎樣才能使這個MySQL查詢工作，而不會得到空的結果？

Question

我無法從這個mysql查詢獲得我想要的結果。我認爲麻煩在於這一行代碼：

$ group =「SELECT * from mybb_users where usergroup AND additionalgroups ='$ usergroup'」;

因爲我注意到數據庫中的additionalgroups列有多個用逗號（，）分隔的值，而用戶組只有一個值。下面是截圖：

這裏是圖像：http://i.imgur.com/UTbmX.jpg

整個代碼工作完美的，如果我從代碼中刪除additionalgroups列，只檢查用戶組列，但是這不是我想要的東西:(以下是整個代碼：

// Connect to server and select databse. 
mysql_connect("$db_host", "$db_user", "$db_pass")or die("cannot connect to mysql"); 
mysql_select_db("$db_name")or die("cannot select DB"); 

$id=$_GET['lid'];  // Get lid from URL 
$usergroup =$_GET['game'];  // Get the usergroup/game from the URL 

// Check to see if the user is a VIP Member and fetch them. 
$group="SELECT * from mybb_users where usergroup AND additionalgroups = '$usergroup'"; 
$group2=mysql_query($group) or die("Could not get users"); 
while($raw=mysql_fetch_array($group2)) 
{ 
// Fetch all UserIDs of the VIP members and match them with the UfID (in the userfields table) 
$userid = $raw['uid']; 
$group3="SELECT * from mybb_userfields where ufid = '$userid'"; 
$group4=mysql_query($group3) or die("Could not match userid"); 
while($raw=mysql_fetch_array($group4)) 
{ 
// assigns a lid from the vip members to the variable $lid 
$lid = $raw['fid7']; 
// Display the hash of the lid if it matches with the lid from the URL 
if($lid == '') 
{ 

} 
elseif($lid == $id) 
{ 
echo "[key]{$lid};"; 
} 
else 
{ 
} 
} 

} 

Answer 1

我不知道where usergroup AND ... - 是usergroup一個DB字段？無論如何，你可以這樣做

$group="SELECT * from mybb_users where usergroup AND FIND_IN_SET('$usergroup', additionalgroups) != 0; 

但這還不夠。 AFAICS容易受到SQL注入的影響。請在正確的位置使用mysql_real_escape()，即將用戶輸入的變量放入SQL查詢中的任何位置。

Answer 2

上的檢查方法是用FIND_IN_SET功能

SELECT * from mybb_users where usergroup AND FIND_IN_SET('$usergroup', additionalgroups) != 0