从 SQL 数组中检索所有数据(类似于给定值)
我试图从数据库中检索所有数据 ID,其中它们的标签(数组)就像给定值。 这就是我到目前为止所做的......
$new_string = 'nice phone';
$construct = mysql_query("SELECT tag_array, name, id FROM details
WHERE tag_array LIKE $new_string%")
or die("<p>died 20: $construct<br>" . mysql_error());
while($getThis = mysql_fetch_array($construct)){
echo $getThis['id'].'<br />';
echo stripslashes($getThis['name']).'<br />';
}
它完全不起作用。 你能指出我正确的方向吗? 我真的好难受啊!!
I'm trying to retrieve all the data id from a database where their tags(array) is like a given value.
This is what I have done so far...
$new_string = 'nice phone';
$construct = mysql_query("SELECT tag_array, name, id FROM details
WHERE tag_array LIKE $new_string%")
or die("<p>died 20: $construct<br>" . mysql_error());
while($getThis = mysql_fetch_array($construct)){
echo $getThis['id'].'<br />';
echo stripslashes($getThis['name']).'<br />';
}
It doesn't work ATALL.
Could you please point me to the right direction?
I'm really struggling!!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您应该将 $new_string 放在引号中。
注意这是非常糟糕的做法,您应该始终转义传递给 SQL 的所有变量。您确实应该阅读有关 SQL 注入和其他安全问题的内容。
另外,如果您想在 tag_array 中的任何位置匹配 $new_string (您最有可能想要的),您也需要在其前面添加美元符号。您可以在 MySQL 参考手册 中阅读更多信息。
所以最后:
You should put $new_string in quotes.
NOTE It is very bad practice and you should always escape all variables you are passing to SQL. You should really read up on SQL injection and other security issues.
Also if you want to match $new_string anywhere in tag_array (which you most likely want), you need to add dollar sign in front of it too. You can read up more at MySQL reference manual.
So in the end:
您应该在将数据放入查询之前对其进行清理,例如:
这还不够,尽管它只是有助于防止 sql 注入,请考虑使用正则表达式来清理数据。如果您还不了解正则表达式,请查看此网站:正则表达式信息。它对我很有帮助。
You should sanitise the data before putting it in the query like:
This is not enough though it just helps preventing sql inject, consider using regular expressions to clean the data. If you don't yet know about regexp check out this site: regexp info. It helped me mutch.