如何为 MySQL 表选择列并将其与 PHP 变量进行比较

Question

我正在尝试比较已导入脚本的 MySQL 表列，并将其与我定义的 PHP 值进行比较。

我正在尝试创建一个 if 循环来检查列中的任何值是否等于变量。

// Connect to database containing order information

$servername = "server";
$username = "user";
$password = "pass";

// Create connection
$conn = new mysqli($servername,$username,$password);

// Check connection
if ($conn->connect_error)
{
    die("Connection failed: " . $conn->connect_error);
}

// define variables and set to empty values
$name = $ordernumber = "";

// Load up data from the form

$ordernumber = ($_POST['order_number']);

// Get SQL info
$sql = "SELECT order_number FROM p_orders;";
if ($conn->query($sql) === TRUE)
{
    echo "Checked Orders.....";
}
else
{
    echo "Failed to check orders, please contact Support for assistance" . $conn->error;
}

// Checking Script 

if ($ordernumber === $orders)
{
    echo "Order Number Found.... Let's Select a Seat";
}
else
{
    echo "Your Order was not found, either you did not order a reservation ticket, have not waited 3 days or you entered the number wrong. If issues persist then please contact Support."
    };

Answer 1

脚本的结尾部分应该是这样的……

$stmt =  $mysqli->stmt_init();
if ($stmt->prepare('SELECT order_number FROM p_orders WHERE orderID = ?')) {
    $stmt->bind_param('s',$_POST['order_number']); // i if order number is int
    $stmt->execute();
    $stmt->bind_result($order_number);
    $stmt->fetch();
    if (!empty($order_number))
        echo "Order Number Found.... Let's Select a Seat";
    }else {
        echo "Your Order was not found...";
    }    
    $stmt->close();
}
$mysqli->close();

...请注意，查询现在只查找匹配的记录，并注意使用准备好的语句来确保 post 变量免受 SQL 注入的影响。

只从 SQL 中收集匹配项的原因是，如果您有一百万条记录，数据库将返回所有记录，然后 PHP 将需要循环遍历它们（这可能会导致最大执行、内存和其他错误）。取而代之的是建立这样的数据库来查找 - 注意这个字段上的索引会很好，并且建议使用“youtube 样式”id，这就是为什么我假设使用字符串而不是数字作为变量 minght 暗示 - 它不是“id”，这有很多原因......我添加了一个链接来解释“youtube style”id，我不会在这里详细介绍，但有使用它取得了很多胜利:)

更新基于...

• http://php.net/manual/en/mysqli-stmt.prepare.php
• MySQL prepared statement vs normal query. Gains & Losses
• https://www.youtube.com/watch?v=gocwRvLhDf8（YouTube 会用完视频 ID 吗？）

Answer 2

最好使用 WHERE 子句搜索订单 ID 和 mysqli 准备语句，如下所示。

$mysqli = new mysqli("localhost", "my_user", "my_password", "my_db");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$name = "";       
// Load up data from the form  
$ordernumber = $_POST['order_number'];  

/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT COUNT(*) FROM p_orders WHERE orderID=?")) { 

    /* bind parameters for markers */
    $stmt->bind_param("i", $ordernumber ); // "i" if order number is integer, "s" if string

    /* execute query */
    $stmt->execute();

    /* bind result variables */
    $stmt->bind_result($counter);

    /* fetch value */
    $stmt->fetch();

        if ($counter>0) { // if order id is in array or id's
            echo "Order Number Found.... Let's Select a Seat";    
        } else {
            echo "Your Order was not found, either you did not order a reservation ticket, have not waited 3 days or you entered the number wrong. If issues persist then please contact Support."
        }

    /* close statement */
    $stmt->close();
}

/* close connection */
$mysqli->close();