如何訪問登錄名MySQL的PHP​​

Question

這是我的登錄用戶名PHP代碼

<p align="center">username: <?php echo $_SESSION['SESS_FIRST_NAME']; ?></p> 

，這是MySQL查詢

$query = "SELECT * FROM `carddetail` where drivername='open' ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results"; 

我怎麼可以把這個驅動程序名在這其中DRIVERNAME =」打開」 supose如果我的司機登錄名是她的名字，以便查詢只顯示她的名字數據

我怎樣才能把

在這個

where drivername='<?php echo $_SESSION['SESS_FIRST_NAME']; ?>「

，當我把這樣的顯示此錯誤

解析錯誤：語法錯誤，意想不到的T_ENCAPSED_AND_WHITESPACE，期待T_STRING或T_VARIABLE或T_NUM_STRING在E：\ home.php上線210

請幫我解決這個問題 感謝

Answer 1

使用這樣的：

$query = "SELECT * FROM `carddetail` 
    where 
    drivername='{$_SESSION['SESS_FIRST_NAME']}' 
    ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results"; 

然而，這種方式並不安全，你可以使用mysql_real_escape_string（）：

$drivername = mysql_real_escape_string($_SESSION['SESS_FIRST_NAME']); 
    $query = "SELECT * FROM `carddetail` 
    where 
    drivername='$drivername' 
    ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results"; 

或切換到PDO或mysqli的，用事先準備好的聲明（參數化查詢）

Answer 2

用途如下：

$query = "SELECT * FROM `carddetail` where drivername='". $_SESSION['SESS_FIRST_NAME'] ."' ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results"; 

Answer 3

您在$query變量，它已經在開放PHP標籤。

session_start(); 
if(isset($_SESSION['SESS_FIRST_NAME'])){ 
$session_fname = $_SESSION['SESS_FIRST_NAME']; 
} 

    $query = "SELECT * FROM `carddetail` where drivername= $session_fname ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results"; 

Answer 4

我建議您使用MySQLi或PDO，因爲現在不推薦使用mysql_函數。

$db = new mysqli($hostname, $username, $password, $db_name); 
$name = $_SESSION['SESS_FIRST_NAME']; 

$stmt = $db->prepare("SELECT * FROM carddetail WHERE drivername = ? ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results"); 
$stmt->bind_param("si", $name); 
$stmt->execute(); 
$stmt->close();