-2
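I want to run different queries for each ID received from the table, please help me solve this; MySQL PHP query based on a condition

For example, if $idcat == 5 run a query, and else if $idcat == 4 run query B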

```php
//include connection file
include_once("connection.php");
$db = new dbObj();
$connString = $db->getConnstring();
$params = $_REQUEST;
$action = isset($params['action']) != '' ? $params['action'] : '';
$empCls = new FillEmpty($connString);

function insertFillEmpty($params) {
    $data = array();
    $catintid = "SELECT categoryinternalID FROM inhandemptystock";
    $results = mysqli_query($this->conn, $catintid);
    $raw = mysql_fetch_array($results);
    $idcat = $raw["categoryinternalID"];
    if ($idcat == "5") {
        $sqll = "INSERT INTO `testing` (goog) VALUES('" . $params["enteredBy"] . "'); ";
        echo $result = mysqli_query($this->conn, $sqll) or die("error to insert employee data");
    } else {
        echo '<script language="javascript">';
        echo 'alert("Something is wrong")';
        echo '</script>';
    }
}
```

Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters, as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php).

You are mixing mysql and mysqli. Don't use the `mysql_*` functions. They have been deprecated since v5.5 (June 2013) and removed as of v7.0 (December 2015). Instead use [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php).

Isn't what you describe exactly what you're doing? What's the problem here? – David
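
The prepared-statement approach the comments recommend, as an added example that is not part of the original thread: it dispatches on each `categoryinternalID` through a fixed map of statements and passes `enteredBy` only as a bound parameter. Assumptions: PDO with in-memory SQLite (the `pdo_sqlite` extension) stands in for the MySQL connection so the script runs without a server, and the `testing_b` table and the statement for ID 4 are hypothetical.

```php
<?php
// Added example: constructed schema and rows; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inhandemptystock (categoryinternalID INTEGER)');
$pdo->exec('CREATE TABLE testing (goog TEXT)');
$pdo->exec('CREATE TABLE testing_b (goog TEXT)'); // hypothetical target of "query B"
$pdo->exec('INSERT INTO inhandemptystock VALUES (5), (4), (9)');

// Fixed SQL text per category ID. Request data never becomes part of the SQL string.
const QUERY_BY_CATEGORY = [
    5 => 'INSERT INTO testing (goog) VALUES (:enteredBy)',
    4 => 'INSERT INTO testing_b (goog) VALUES (:enteredBy)', // hypothetical query B
];

function insertFillEmpty(PDO $pdo, array $params): array
{
    $enteredBy = $params['enteredBy'] ?? null;
    if (!is_string($enteredBy) || $enteredBy === '') {
        throw new InvalidArgumentException('enteredBy is required');
    }

    // Read every category ID, not only the first row as the original code did.
    $ids = $pdo->query('SELECT categoryinternalID FROM inhandemptystock')
               ->fetchAll(PDO::FETCH_COLUMN);

    $handled = [];
    foreach ($ids as $idcat) {
        $idcat = (int) $idcat;
        if (!array_key_exists($idcat, QUERY_BY_CATEGORY)) {
            $handled[$idcat] = 'skipped'; // no statement defined for this ID
            continue;
        }
        $stmt = $pdo->prepare(QUERY_BY_CATEGORY[$idcat]);
        $stmt->execute([':enteredBy' => $enteredBy]); // value is bound, not concatenated
        $handled[$idcat] = 'inserted';
    }
    return $handled;
}

// Constructed input containing a quote and SQL syntax: it is stored as plain data.
$result = insertFillEmpty($pdo, ['enteredBy' => "O'Brien'); --"]);
print_r($result);
echo $pdo->query('SELECT goog FROM testing')->fetchColumn(), PHP_EOL;
```

With the concatenated `INSERT` from the question, the same input would terminate the string literal early and change the statement.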