【Question title】: TimeStamp Query in PHP and MySql UPDATED
【Posted】: 2016-04-13 13:18:32
【Question】:

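I have these tables, and I want to get news from the News table, but only the news that was added after the user logged in and that he has not seen; the data depends on the query shown in the PHP script.

When users log in to the system, their login timestamp is recorded. After a while, a service asks the server for new data for that User_ID and checks the seen table; if the news is not in the seen table and the current timestamp is greater than the login timestamp, then the news is new.

Users table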

User_ID | User_Name   |User_Login
-------------------------------
1       | John        |2016-04-13 16:01:12
2       | Carl        |2016-04-13 16:13:22
3       | Tomas       |2016-04-13 16:01:01
4       | Adam        |2016-04-13 16:04:44
5       | Nancy       |2016-04-13 16:04:37

News table

News_ID | News_Text      | News_Post_TimeStamp          
----------------------------------------------
1       | Hello World    | 2016-04-13 16:09:23
2       | This is My car | 2016-04-13 16:10:24
3       | I had Ate pizza| 2016-04-13 16:11:40
4       | Leave Me Alone | 2016-04-13 16:15:30
5       | C++ Programming| 2016-04-13 16:09:50

Seen table

ID   | User_Id  | News_Id
---------------------------
1    |  1       | 2
2    |  1       | 3
3    |  4       | 1
4    |  5       | 3
5    |  1       | 4

UPDATE: This is my PHP script code:

 <?php

require('config.php');
$conn = mysqli_connect($servername, $username, $password, $db);
$query="SELECT * FROM news,users WHERE news.news_id NOT IN (SELECT news_id FROM seen WHERE user_id = '".$_GET['id']."') AND users.user_login<Now() ";


$result = mysqli_query($conn,$query);
$rows = array();
echo mysqli_error($conn);

while($row = mysqli_fetch_assoc($result)) {

    $rows[] = $row;
}

echo json_encode($rows);
?> 

This is the JSON output:

 [{"News_id":"1","News_Text":"C++programming","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"1","News_Text":"C++programming","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"2","News_Text":"Pizza","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"2","News_Text":"Pizza","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"3","News_Text":"Android","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"3","News_Text":"Android","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"4","News_Text":"Ahmad","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"4","News_Text":"Ahmad","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"5","News_Text":"Toto","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"5","News_Text":"Toto","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"6","News_Text":"JaVA","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"6","News_Text":"JaVA","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"7","News_Text":"Computer","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"7","News_Text":"Computer","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"8","News_Text":"Test","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"8","News_Text":"Test","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"9","News_Text":"Test","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"9","News_Text":"Test","news_post_timestamp":"2016-04-13 16:09:41","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"},{"News_id":"10","News_Text":"Al Hasasd","news_post_timestamp":"2016-04-13 16:47:44","User_Id":"14","User_Name":"John","user_login":"2016-04-13 16:04:37"},{"News_id":"10","News_Text":"Al Hasasd","news_post_timestamp":"2016-04-13 16:47:44","User_Id":"15","User_Name":"Carl","user_login":"2016-04-13 16:04:37"}]

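There are duplicates in the result; can anyone tell me how to remove the duplicates?

【Comments】:

  • Note - if $_GET['id'] comes from untrusted user input, I suggest adding HTML stripping before inserting it into the query to prevent injection.

Tags: php mysql sql json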


【Solution 1】:

Your SQL should look like this (using User_ID 1 as an example)

SELECT * 
FROM news n
WHERE news_id NOT IN (SELECT news_id FROM news_seen WHERE user_id = 1)
AND News_Post_TimeStamp > (SELECT User_Login FROM user_table WHERE User_ID = 1)

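(adjust user_table accordingly)


But before simply doing this, you should adjust your PHP code, because what you are doing is an invitation for SQL injection.

Ideally, you should use parameterized queries

However, assuming your USER_ID is of CHAR type, since you have quotes in your query, you can make your code more secure with this simple sanitize function that I added to your code.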

<?php

require('config.php');
$conn = mysqli_connect($servername, $username, $password, $db);

$userid = sanitize($conn, $_GET['id']);
$query="SELECT * FROM news WHERE news_id NOT IN (SELECT news_id FROM news_seen WHERE user_id = '$userid') AND News_Post_TimeStamp > (SELECT User_Login FROM user_table WHERE User_ID = '$userid')";

$result = mysqli_query($conn,$query);
$rows = array();
echo mysqli_error($conn);

while($row = mysqli_fetch_assoc($result)) {
    $rows[] = $row;
}

echo json_encode($rows);

function sanitize($conn, $data)
{
    // remove whitespaces (not a must though)
    $data = trim($data);

    // apply stripslashes if magic_quotes_gpc is enabled
    // (the function was removed in PHP 8, so check that it exists first)
    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        $data = stripslashes($data);
    }

    // a MySQL connection is required before using this function;
    // the mysqli_* escape function is used so it matches the mysqli connection above
    $data = mysqli_real_escape_string($conn, $data);

    return $data;
}

?>
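
The parameterized query that the answer recommends, written out with mysqli prepared statements. This is an added example, not code from the question or the answer; it assumes the table names used in the question's own query (news, seen, users), integer user IDs as in the sample tables, and a config.php that defines the connection variables.

```php
<?php
// Added example: the answer's query as a mysqli prepared statement.
// Assumptions: tables news / seen / users (names from the question's query),
// integer IDs, and config.php defining $servername, $username, $password, $db.
require('config.php');

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
header('Content-Type: application/json');

// Validate before touching the database: only a positive integer is accepted.
$userId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
if ($userId === null || $userId === false) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid id']);
    exit;
}

try {
    $conn = new mysqli($servername, $username, $password, $db);
    $conn->set_charset('utf8mb4');

    // The id travels separately from the SQL text, so it is never parsed as SQL.
    // Selecting only from news (no join with users) also avoids duplicate rows.
    $stmt = $conn->prepare(
        'SELECT n.news_id, n.news_text, n.news_post_timestamp
           FROM news n
          WHERE n.news_id NOT IN (SELECT s.news_id FROM seen s WHERE s.user_id = ?)
            AND n.news_post_timestamp >
                (SELECT u.user_login FROM users u WHERE u.user_id = ?)'
    );
    $stmt->bind_param('ii', $userId, $userId);
    $stmt->execute();

    // bind_result/fetch works with or without the mysqlnd driver.
    $stmt->bind_result($newsId, $newsText, $postedAt);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['news_id' => $newsId, 'news_text' => $newsText,
                   'news_post_timestamp' => $postedAt];
    }
    echo json_encode($rows);
} catch (mysqli_sql_exception $e) {
    // Keep database error details in the server log, not in the response.
    error_log($e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'query failed']);
}
```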

【Comments】:

  • This does not work; it gives me an empty JSON array
  • What happens if you execute the SQL in phpMyAdmin?