【问题标题】:Search database using array and then echo/print result in foreach loop using PHP使用数组搜索数据库,然后使用 PHP 在 foreach 循环中回显/打印结果
【发布时间】:2016-01-16 23:28:46
【问题描述】:

我需要从 URL 获取变量 code 所以我是 $codes = $_GET['code']; (url 示例 website.com/update?code[]=7291&code[]=9274&code[]=8264&)然后我 SELECT firstname FROM guests WHERE invitecode = $codes" 然后我输出数据并设置为 $relatives = $row["firstname"] 然后稍后在我需要的文件中回显/打印print $relative

为什么这对我不起作用?

... connection made ...
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE invitecode = $codes";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
    $relatives[] = $row["firstname"];
}
}

foreach ($relatives as $relative) {
print $relative;
}

更新:

所以现在使用:

<?php

$codes = $_GET['code'];
$thecodes = "";
foreach($codes as $vals)
    $thecodes .= (int)$vals . ",";
if($thecodes != "")
{
    $thecodes = trim($thecodes, ",");
    $sql = "SELECT firstname FROM guests WHERE invitecode IN ($thecodes)";
    $result = mysqli_query($conn, $sql);
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
    $relatives[] = $row["firstname"];
}
}
foreach ($relatives as $relative) {
print $relative;
}
}
else
{
}

?>

它可以工作,但我想将foreach ($relatives as $relative) { echo $relative; }; 输入到类似$message = $firstname . " " . $lastname . " will be coming to your event. " . ; 这样的值中。

最后会变成这样:$message = $firstname . " " . $lastname . " will be coming to your event. " . foreach ($relatives as $relative) { echo $relative . " "; };

由于某种原因,当我将它们组合起来时它不起作用。

【问题讨论】:

  • 在将用户控制变量插入 SQL 语句时,请正确处理它们:How can I prevent SQL-injection in PHP?
  • 高度建议不要只对循环中的每个代码进行单独的查询。这可笑的低效。只需构建一个WHERE 子句,然后使用一个查询,然后使用 PHP 将其构造成您想要的结构,这很容易。无论如何,foreach 中的查询是一个非常糟糕的主意。我绝不会说这是可以接受的,除非它是一个个人项目,没有其他人可以访问它。

标签: php mysql sql arrays foreach


【解决方案1】:

为此使用IN 运算符。

<?php

$codes = $_GET['code'];
$thecodes = "";
foreach($codes as $vals)
    $thecodes .= (int)$vals . ","; //Loop through making sure each is an int for security reasons (No sqli)
if($thecodes != "") //There is at least one code
{
    $thecodes = trim($thecodes, ","); //Remove any additional commas
    $sql = "SELECT firstname, lastname FROM guests WHERE invitecode IN ($thecodes)"; //Use the IN operator
    $result = mysqli_query($conn, $sql);
    if (mysqli_num_rows($result) > 0) {
        while($row = mysqli_fetch_assoc($result)) {
            echo $row["firstname"] . " " . $row["lastname"] . "is coming to your event";
        }
    }

}
else //No codes to be queried
{

}

?>

【讨论】:

  • 您的示例有效,但如果您查看我对上面帖子的更新。我似乎无法在任何我想要的地方打印$relatives。我在这个语句中需要它:$message = $firstname . " " . $lastname . " will be coming to your event. " . ; 请参见我上面的示例。谢谢。
  • 更新了,你想要这样的吗?
【解决方案2】:

这可以成为您的解决方案吗?

$relatives = array(); // declare array
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE ";
foreach ($codes as $code) $sql .= "invitecode = " . intval($code) . " OR ";
$sql .= "1=2"; // simple way to remove last OR or to make sql valid if there are no codes
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
  // output data of each row
  while($row = mysqli_fetch_assoc($result)) {
      array_push($relatives, $row["firstname"]);
  }
}

foreach ($relatives as $relative) {
print $relative;
}

【讨论】:

  • 这很容易受到 SQL 注入的攻击。请转义您的输入。
  • @Adriano 您的示例有效,但我将使用 Matt 的示例,因为他使用 IN 显示它,请查看我的更新
  • @Matt 你是对的。我更改了代码,以便将代码转换为整数。你的解决方案也比我的优雅得多;)
  • @user3263981 我不仅解决了代码问题,还解决了您关于名字数组的问题!您必须将 $relatives 声明为数组,然后您可以使用 array_push 添加更多用户名。
  • @Adriano 是的,这就是马特所展示的。它有效,但是如果您查看我在上面帖子中的更新。我似乎无法在任何我想要的地方打印$relatives。我在这个语句中需要它:$message = $firstname . " " . $lastname . " will be coming to your event. " . ; 请看我上面的例子。
【解决方案3】:

我认为这会起作用...

... connection made ...
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE invitecode = '$codes'";
$result = mysqli_query($conn, $sql) or die('-1' . mysqli_error());

if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
    echo ($row['firstname']);
}
}

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2019-06-13
    • 1970-01-01
    • 1970-01-01
    • 2018-04-05
    • 1970-01-01
    • 2016-05-21
    • 2018-01-15
    相关资源
    最近更新 更多