2017-04-10 50 views
1

I need a little help. How can I add the PHP value "$filtr_zamestnanci_ID" into the sql_query? The code is here: How to use a PHP variable generated by a loop in a MySQL query

<?php
// Build the filter clause from the posted array of employee IDs.
$filtr_zamestnanci_ID = "";
if (isset($_POST["filtr_zamestnanci_ID"])) {
    for ($a = 0; $a < count($_POST["filtr_zamestnanci_ID"]); $a++) {
        $filtr_zamestnanci_ID .= "AND companies_text_records_user_ID = '".$_POST["filtr_zamestnanci_ID"][$a]."' ";
    }
} else {
    $filtr_zamestnanci_ID = "";
}

echo "filtr_zamestnanci_ID :".$filtr_zamestnanci_ID;

mysql_query("SET CHARACTER SET utf8");
$sql_1 =
    mysql_query("SELECT * FROM companies_text_records
     LEFT JOIN companies ON companies_text_records_company_ID = company_ID
     LEFT JOIN login_users ON user_id = companies_text_records_user_ID
     WHERE companies_text_records_relative_to = '0'
     '".$filtr_zamestnanci_ID."'
     ORDER BY companies_text_records_ID DESC");
?>

If I pass it without the loop everything is OK. But the output of the loop doesn't work at all. Maybe it is the format of "$filtr_zamestnanci_ID"?

+3

FYI, [you shouldn't use the `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. –

+3

Your script is at risk of [SQL injection attacks](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). See what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you escape the input, it is not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). –

+0

Put mysql_query inside the loop... –

Answers

1

Please try the following. It will also solve your SQL injection problem:

<?php
// $hostname, $db_name, $db_username and $db_password are assumed to be
// defined earlier (connection settings).
$conn = new PDO("mysql:host=$hostname;dbname=$db_name;charset=utf8mb4", $db_username, $db_password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (isset($_POST["filtr_zamestnanci_ID"])) {
    for ($a = 0; $a < count($_POST["filtr_zamestnanci_ID"]); $a++) {
        $filtr_zamestnanci_ID = $_POST["filtr_zamestnanci_ID"][$a];

        // One prepared query per posted ID; the value is bound as a
        // parameter, never concatenated into the SQL string.
        $stmt = $conn->prepare("SELECT * FROM companies_text_records
            LEFT JOIN companies ON companies_text_records_company_ID = company_ID
            LEFT JOIN login_users ON user_id = companies_text_records_user_ID
            WHERE companies_text_records_relative_to = '0'
            AND companies_text_records_user_ID = :company_text_records_user_id
            ORDER BY companies_text_records_ID DESC");

        if ($stmt->execute(array(':company_text_records_user_id' => $filtr_zamestnanci_ID))) {
            while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                $someField = $row['columnFromDatabase']; // replace with a real column name
            }
            echo 'success';
        }
    }
} else {
    $filtr_zamestnanci_ID = "";
}
?>
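As an added example (not from the question or either answer), here is how to fold the whole posted `filtr_zamestnanci_ID` array into one parameterized query using an `IN (...)` list with a placeholder per value; it assumes `$conn` is the PDO connection opened in the answer above and reuses the question's table and column names.

```php
<?php
// Added example: filter on every employee ID posted in filtr_zamestnanci_ID
// with a single prepared statement. $conn is assumed to be the PDO
// connection from the answer above (ERRMODE_EXCEPTION enabled).

/**
 * Returns the matching companies_text_records rows for the given user IDs.
 * An empty list means "no user filter": the clause is simply left out,
 * which matches the question's behaviour when nothing is posted.
 */
function fetchRecordsForUsers(PDO $conn, array $userIds)
{
    // Keep only non-empty scalar values and drop duplicates.
    $userIds = array_values(array_unique(array_filter($userIds, function ($v) {
        return is_scalar($v) && $v !== '';
    })));

    $sql = "SELECT * FROM companies_text_records
            LEFT JOIN companies ON companies_text_records_company_ID = company_ID
            LEFT JOIN login_users ON user_id = companies_text_records_user_ID
            WHERE companies_text_records_relative_to = '0'";

    if (count($userIds) > 0) {
        // One '?' per value. The values never touch the SQL text, so a posted
        // value like "1' OR '1'='1" is only ever compared as a literal string.
        // Note: the question's loop produced "AND col = 'a' AND col = 'b'",
        // which one column cannot satisfy for two different values; IN (...)
        // matches rows whose user ID is any of the posted values.
        $placeholders = implode(', ', array_fill(0, count($userIds), '?'));
        $sql .= " AND companies_text_records_user_ID IN ($placeholders)";
    }

    $sql .= " ORDER BY companies_text_records_ID DESC";

    $stmt = $conn->prepare($sql);
    $stmt->execute($userIds); // positional binding, one value per '?'

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: $_POST["filtr_zamestnanci_ID"] is the array of selected employee IDs.
$ids  = isset($_POST["filtr_zamestnanci_ID"]) ? (array) $_POST["filtr_zamestnanci_ID"] : array();
$rows = fetchRecordsForUsers($conn, $ids);
echo count($rows) . " record(s) found";
```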
0

Warning: the extension providing mysql_query, mysql_fetch_array, mysql_connect etc. was deprecated in PHP 5.5.0 and removed in PHP 7.0.0. You should use the MySQLi or PDO_MySQL extension instead.

1) Add a space before AND

$filtr_zamestnanci_ID .=" AND companies_text_records_user_ID = '".$_POST["filtr_zamestnanci_ID"][$a]."'"; 

2) Remove the extra single quotes that enclose the added where clause '".$filtr_zamestnanci_ID."'

"SELECT * FROM companies_text_records LEFT JOIN companies ON companies_text_records_company_ID = company_ID LEFT JOIN login_users ON user_id = companies_text_records_user_ID WHERE companies_text_records_relative_to = '0' ".$filtr_zamestnanci_ID." ORDER BY companies_text_records_ID DESC"