当前位置: 文江博客话题详情

Select 语句中的 PHP 变量

发布于 2024-09-13 20:47:50 字数 555 浏览 3 评论 0原文

我已经编写了这个正在运行的 PHP 脚本,现在我想将行名称更改为变量(不确定行是否正确),我的意思是 select name 中的“名称” ... 我几乎尝试了所有方法,但都没有给我带来正确的结果。 我知道在像 ("'. $var .'") 这样的语句中使用变量的正常做法是行不通的。

<?php
require_once 'config.php';

$id = $_GET["id"]; //ID OF THE CURRENT CONTACT
$user = $_GET["user"];  //ID OF THE CURRENT USERS

$query = mysql_query("SELECT name FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");

$retval = mysql_fetch_object($query)->name;

$retval = trim($retval);
echo $retval;
?>
原文

I've written this PHP-Script which is working, and now I want to change the row name into a variable to (not sure if row is correct), I mean the "name" from the select name...
I've tried nearly everything, but nothing gave me the right result.
I know that the normal thing how I can use variables in a statement like ("'. $var .'") won't work.

<?php
require_once 'config.php';

$id = $_GET["id"]; //ID OF THE CURRENT CONTACT
$user = $_GET["user"];  //ID OF THE CURRENT USERS

$query = mysql_query("SELECT name FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");

$retval = mysql_fetch_object($query)->name;

$retval = trim($retval);
echo $retval;
?>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

病女 2024-09-20 20:47:50

这容易多了不是吗?

$sql_insert = 
"INSERT INTO customers (        
`name`,
`address`,
`email`,
`phone`
) 
VALUES (        
'$name',
'$address',     
'$email',
'$phone'
)";

This is much easier isn't it?

$sql_insert = 
"INSERT INTO customers (        
`name`,
`address`,
`email`,
`phone`
) 
VALUES (        
'$name',
'$address',     
'$email',
'$phone'
)";
回复 原文
罪#恶を代价 2024-09-20 20:47:50

您要找的是这个吗?即使你的德语问题对我来说也不太清楚:

$field = 'name';
$query = mysql_query("SELECT $field FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->$field;

Is it this you're looking for? Even your question in German isn't that clear to me :

$field = 'name';
$query = mysql_query("SELECT $field FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->$field;
回复 原文
时光倒影 2024-09-20 20:47:50

你可以像这样使用它。目前我假设您只返回一行并且只想使用一个字段。

<?php
require_once 'config.php';

$id = $_GET["id"]; //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"];  //ID DES DERZEITIGEN USERS

//Use variable inside closures `` and just in case escape it, depends how you get variable
$query = mysql_query("SELECT `".mysql_real_escape_string($variable)."` FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");


if (!$query) {
    echo 'Could not run query: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($query); //Retriev first row, with multiple rows use mysql_fetch_assoc
$retval = $row['0']; //Retriev first field

$retval = trim($retval); 
echo $retval;
?>

You can usi it something like this. Currently i assume you get only one row back and want to use only one field.

<?php
require_once 'config.php';

$id = $_GET["id"]; //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"];  //ID DES DERZEITIGEN USERS

//Use variable inside closures `` and just in case escape it, depends how you get variable
$query = mysql_query("SELECT `".mysql_real_escape_string($variable)."` FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");


if (!$query) {
    echo 'Could not run query: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($query); //Retriev first row, with multiple rows use mysql_fetch_assoc
$retval = $row['0']; //Retriev first field

$retval = trim($retval); 
echo $retval;
?>
回复 原文
疯狂的代价 2024-09-20 20:47:50
  • 请用英文发帖。其他人都这样做。
  • 尝试使用不同的获取方法 - 获取关联数组,然后使用动态参数来检索您需要的任何列。
  • 您考虑过使用 PDO 吗?
  • Please post in English. Everyone else does.
  • Try using a different fetch method - fetch an associative array, then use the dynamic parameter to retrieve whatever column it is you need.
  • Have you considered using PDO?
回复 原文
你是年少的欢喜 2024-09-20 20:47:50

我相信由于您使用“行”一词,您(无意中)混淆了事情。从你的例子来看,你的意思是字段/列。听起来您希望使用变量指定要选择的字段,可以通过这些方法中的任何一种来完成...

$fields = "name, age";

$sql = "SELECT $fields FROM table";
$sql = "SELECT {$fields} FROM table";
$sql = "SELECT ".$fields." FROM table";

NB 在 $fields 元素中拥有安全日期非常重要,我会建议使用允许值的白名单,即

// assuming $_POST['fields'] looks something like array('name','age','hack');
$allowed = array('name', 'age');
$fields = array();

foreach ($_POST['fields'] as $field) {
   if (in_array($field, $allowed)) {
      $fields[] = $field;
   }
$fields = implode(', ', $fields);

I believe you are confusing matters (unintentionally) due to your use of the word 'row'. Judging by your example you mean field/column. It sounds like you wish to specify the fields to select using a variable which can be done by any of these methods...

$fields = "name, age";

$sql = "SELECT $fields FROM table";
$sql = "SELECT {$fields} FROM table";
$sql = "SELECT ".$fields." FROM table";

NB it is important that you have secure date in the $fields element, I would suggest using a whitelist of allowed values i.e.

// assuming $_POST['fields'] looks something like array('name','age','hack');
$allowed = array('name', 'age');
$fields = array();

foreach ($_POST['fields'] as $field) {
   if (in_array($field, $allowed)) {
      $fields[] = $field;
   }
$fields = implode(', ', $fields);
回复 原文
二智少女 2024-09-20 20:47:50

这不行吗?

$result = mysql_fetch_array($query);

echo trim($result['name']);

Wouldn't this work?

$result = mysql_fetch_array($query);

echo trim($result['name']);
回复 原文
有木有妳兜一样 2024-09-20 20:47:50

您永远不应该将变量放入字段列表中。
如果想要变量字段名称,请选择 *
然后使用您的变量来获取特定字段

<?php
require_once 'config.php';

$id = mysql_real_escape_string($_GET["id"]); //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"];  //ID DES DERZEITIGEN USERS

$query  = "SELECT * FROM contacts WHERE contact_id='$id' and user_id='1'";
$result = mysql_query($query) or trigger_error(mysql_error().$query);

$row = mysql_fetch_array($result);

//and finally
$fieldname = "name";
$retval = $row[$fieldname];

echo $retval;
?>

You should never put a variable into field list.
If want a variable field name, select *
and then use your variable to fetch particular field

<?php
require_once 'config.php';

$id = mysql_real_escape_string($_GET["id"]); //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"];  //ID DES DERZEITIGEN USERS

$query  = "SELECT * FROM contacts WHERE contact_id='$id' and user_id='1'";
$result = mysql_query($query) or trigger_error(mysql_error().$query);

$row = mysql_fetch_array($result);

//and finally
$fieldname = "name";
$retval = $row[$fieldname];

echo $retval;
?>
回复 原文
~没有更多了~

关于作者

何时共饮酒

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

13886483628

文章 0 评论 0

流年已逝

文章 0 评论 0

℡寂寞咖啡

文章 0 评论 0

笑看君怀她人

文章 0 评论 0

wkeithbarry

文章 0 评论 0

素手挽清风

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文