我怎样才能使这个 mysql 查询工作而不得到空结果?
我无法从这个 mysql 查询中获取我想要的结果。我认为问题在于这行代码:
$group="SELECT * from mybb_users where usergroup AND extragroups = '$usergroup'";
因为我注意到数据库中的additionalgroups列有多个用逗号(,)分隔的值,而usergroup只有一个值。这是一个屏幕截图:
这是一个图像: https://i.sstatic.net/HVVN9.jpg
如果我从代码中删除additionalgroups 列并只检查usergroup 列,整个代码就可以完美工作,但这不是我想要的:( 下面是整个代码:
// Connect to server and select databse.
mysql_connect("$db_host", "$db_user", "$db_pass")or die("cannot connect to mysql");
mysql_select_db("$db_name")or die("cannot select DB");
$id=$_GET['lid']; // Get lid from URL
$usergroup =$_GET['game']; // Get the usergroup/game from the URL
// Check to see if the user is a VIP Member and fetch them.
$group="SELECT * from mybb_users where usergroup AND additionalgroups = '$usergroup'";
$group2=mysql_query($group) or die("Could not get users");
while($raw=mysql_fetch_array($group2))
{
// Fetch all UserIDs of the VIP members and match them with the UfID (in the userfields table)
$userid = $raw['uid'];
$group3="SELECT * from mybb_userfields where ufid = '$userid'";
$group4=mysql_query($group3) or die("Could not match userid");
while($raw=mysql_fetch_array($group4))
{
// assigns a lid from the vip members to the variable $lid
$lid = $raw['fid7'];
// Display the hash of the lid if it matches with the lid from the URL
if($lid == '')
{
}
elseif($lid == $id)
{
echo "[key]{$lid};";
}
else
{
}
}
}
I am having trouble getting teh results i want from this mysql query. And i think the trouble lies in this line of code:
$group="SELECT * from mybb_users where usergroup AND additionalgroups = '$usergroup'";
because i noticed that the additionalgroups column in the database has more than one value separated by a comma(,) whereas the usergroup only has ONE value. Here is a screenshot:
here is an image: https://i.sstatic.net/HVVN9.jpg
The entire code works perfect if i remove the additionalgroups column from the code and only check the usergroup column, but that is not what i want :( Below is the entire code:
// Connect to server and select databse.
mysql_connect("$db_host", "$db_user", "$db_pass")or die("cannot connect to mysql");
mysql_select_db("$db_name")or die("cannot select DB");
$id=$_GET['lid']; // Get lid from URL
$usergroup =$_GET['game']; // Get the usergroup/game from the URL
// Check to see if the user is a VIP Member and fetch them.
$group="SELECT * from mybb_users where usergroup AND additionalgroups = '$usergroup'";
$group2=mysql_query($group) or die("Could not get users");
while($raw=mysql_fetch_array($group2))
{
// Fetch all UserIDs of the VIP members and match them with the UfID (in the userfields table)
$userid = $raw['uid'];
$group3="SELECT * from mybb_userfields where ufid = '$userid'";
$group4=mysql_query($group3) or die("Could not match userid");
while($raw=mysql_fetch_array($group4))
{
// assigns a lid from the vip members to the variable $lid
$lid = $raw['fid7'];
// Display the hash of the lid if it matches with the lid from the URL
if($lid == '')
{
}
elseif($lid == $id)
{
echo "[key]{$lid};";
}
else
{
}
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
一种检查方法是使用 FIND_IN_SET 函数。
On way to check is with the FIND_IN_SET function.
我不确定
where usergroup AND ...-usergroup是数据库字段吗?不管怎样,你可以用但这还不够。 AFAICS 您很容易受到 SQL 注入攻击。请在正确的位置使用
mysql_real_escape(),即在将带有用户输入的变量放入 SQL 查询的任何位置。I'm not sure about
where usergroup AND ...- isusergroupa DB field? Anyway, you could do it withBut that is not enough yet. AFAICS you are vulnerable to SQL injection. Please use
mysql_real_escape()at the right places, namely everywhere you put variables with user input into a SQL query.