将 MySQL 数据库值分配给 PHP 变量
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22521048/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Assign MySQL database value to PHP variable
提问by M.G.Ptheitroadot
I have a MySQL Database Table containing products and prices. Though an html form I got the product name in a certain php file. For the operation in this file I want to do I also need the corresponding price.
我有一个包含产品和价格的 MySQL 数据库表。虽然是 html 表单,但我在某个 php 文件中获得了产品名称。对于这个文件中我想做的操作我也需要相应的价格。
To me, the following looks clear enough to do it:
对我来说,以下内容看起来足够清楚了:
$price = mysql_query("SELECT price FROM products WHERE product = '$product'");
However, its echo returns:
但是,它的回声返回:
Resource id #5
instead a value like like:
而是像这样的值:
59.95
There seem to be other options like mysqli_fetch_assoc mysqli_fetch_array But I can't get them to output anything meaningful and I don't know which one to use.
似乎还有其他选项,例如 mysqli_fetch_assoc mysqli_fetch_array 但我无法让它们输出任何有意义的内容,而且我不知道该使用哪个选项。
Thanks in advance.
提前致谢。
回答by Fabio
You will need to fetch data from your database
您需要从数据库中获取数据
$price = mysql_query("SELECT price FROM products WHERE product = '$product'");
$result = mysql_fetch_array($price);
Now you can print it with
现在你可以用
echo $result['price'];
As side note I would advise you to switch to either PDOor mysqlisince mysql_*api are deprecated and soon will be no longer mantained
回答by Tularis
If you read the manual at PHP.net (link), it will show you exactly what to do.
如果您阅读 PHP.net 上的手册(链接),它将准确地告诉您该怎么做。
In short, you perform the query using mysql_query (as you did), which returns a Result-Resource. To actually get the results, you need to perform either mysql_fetch_array, mysql_fetch_assocor mysql_fetch_objecton the result resource. Like so:
简而言之,您使用 mysql_query(正如您所做的那样)执行查询,它返回一个 Result-Resource。要实际获得结果,您需要对结果资源执行mysql_fetch_array,mysql_fetch_assoc或mysql_fetch_object。像这样:
$res = mysql_query("SELECT something FROM somewhere"); // perform the query on the server
$result = mysql_fetch_array($res); // retrieve the result from the server and put it into the variable $result
echo $result['something']; // will print out the result you retrieved
Please be aware though that you should notuse the mysql extension anymore; it has been officially deprecated. Instead you should use either PDOor MySQLi. So a better way to perform the same process, but using for example the MySQLi extension would be:
请注意,您不应再使用 mysql 扩展;它已被正式弃用。相反,您应该使用PDO或MySQLi。因此,执行相同过程的更好方法是,例如使用 MySQLi 扩展:
$db = new mysqli($host, $username, $password, $database_name); // connect to the DB
$query = $db->prepare("SELECT price FROM items WHERE itemId=?"); // prepate a query
$query->bind_param('i', $productId); // binding parameters via a safer way than via direct insertion into the query. 'i' tells mysql that it should expect an integer.
$query->execute(); // actually perform the query
$result = $query->get_result(); // retrieve the result so it can be used inside PHP
$r = $result->fetch_array(MYSQLI_ASSOC); // bind the data from the first result row to $r
echo $r['price']; // will return the price
The reason this is better is because it uses Prepared Statements. This is a safer way because it makes SQL injection attacks impossible. Imagine someone being a malicious user and providing $itemId = "0; DROP TABLE items;". Using your original approach, this would cause your entire table to be deleted! Using the prepared queries in MySQLi, it will return an error stating that $itemId is not an integerand as such will not destroy your script.
这样做更好的原因是它使用了准备好的语句。这是一种更安全的方法,因为它使 SQL 注入攻击成为不可能。想象一下某人是恶意用户并提供$itemId = "0; DROP TABLE items;". 使用您原来的方法,这将导致您的整个表被删除!在 MySQLi 中使用准备好的查询,它会返回一个错误,说明$itemId is not an integer不会破坏你的脚本。
