php 从 mysqli_Query 回显结果
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29781511/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Echo results from mysqli_Query
提问by tmello01
I'm making a personal script for my own use, and I need to know how to echo the results from a mysqli_query. My code is as follows:
我正在制作一个供我自己使用的个人脚本,我需要知道如何从 mysqli_query 回显结果。我的代码如下:
$conn = mysqli_connect($servername, $username, $password, $dbname);
if(isset($_POST['commercial'])){
if (isset($_POST['0'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
$resultsd1 = mysqli_query($conn, $sql);
echo $resultsd1;
}
if (isset ($_POST['1'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 2 AND sent='a'";
$resultsd2 = mysqli_query($conn, $sql);
echo $resultsd2;
}
if (isset($_POST['2'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 3 AND sent='a'";
$resultsd3 = mysqli_query($conn, $sql);
echo $resultsd3;
}
if (isset ($_POST['3'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 4 AND sent='a'";
$resultsd4 = mysqli_query($conn, $sql);
echo $resultsd4;
}
if (isset ($_POST['4'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 5 AND sent='a'";
$resultsd5 = mysqli_query($conn, $sql);
echo $resultsd5;
}
}
?>
回答by Kristapsv
If u want to return multiple rows
如果你想返回多行
if (isset($_POST['0'])) {
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
$resultsd1 = mysqli_query($conn, $sql);
while ($row = mysqli_fetch_assoc($resultsd1))
{
echo $row['email'];
}
}
If only 1 row
如果只有 1 行
if (isset($_POST['0'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a' LIMIT 1";
$resultsd1 = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($resultsd1);
echo $row['email'];
}
回答by Quim Calpe
First of all as @fred-ii said, escape your post, there is also an error in your $_POST access, you are missing quotes around article key, and lastly use mysqli_fetch_assoc to acces your results:
首先,正如@fred-ii 所说,转义您的帖子,您的 $_POST 访问也存在错误,您缺少文章键周围的引号,最后使用 mysqli_fetch_assoc 访问您的结果:
...
if (isset($_POST['0'])) {
$article = mysqli_real_escape_string($conn, $_POST['article']);
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$article' AND dripid = 1 AND sent='a'";
if ($resultsd1 = mysqli_query($conn, $sql)) {
if ($row = mysqli_fetch_assoc($resultsd1)) {
echo $row['email'];
}
}
}
...
回答by Dharman
You can simply loop on the result object with foreachloop. If you want to fetch all the rows into a PHP variable you can use fetch_all().
您可以简单地使用循环在结果对象上foreach循环。如果要将所有行提取到 PHP 变量中,可以使用fetch_all().
$result = mysqli_query($conn, 'SELECT ...');
foreach($result as $row) {
print_r($row);
// do something with each row
}
// or
$result = $conn->('SELECT ...')->fetch_all(MYSQLI_ASSOC);
foreach($result as $row) {
print_r($row);
// do something with each row
}
However, in your case you should not be using mysqli_query()at all! This leaves you vulnerable to SQL injection. You must use parameter binding, which is available with prepared statements.
但是,在您的情况下,您根本不应该使用mysqli_query()!这使您容易受到 SQL 注入的影响。您必须使用参数绑定,这可用于准备好的语句。
For example your fixed query would look like this:
例如,您的固定查询如下所示:
$stmt = $con->prepare("SELECT email FROM CommercialEmails WHERE articleid = ? AND dripid = 1 AND sent = 'a' ");
$stmt->bind_param('s', $_POST['article']);
$stmt->execute();
$result = $stmt->get_result();
foreach ($result as $row) {
print_r($row);
}
The difference is that my variable is not separate from the SQL, so there is no risk of injection. You should never allow any variable input directly in SQL query. Doing this properly is really not that difficult.
不同的是我的变量没有和SQL分开,所以不存在注入的风险。您永远不应该在 SQL 查询中直接允许任何变量输入。正确地做到这一点真的没有那么困难。
Also, you don't really need to repeat the code so much. You can parameterize dripidtoo and reduce the number of lines in your code.
此外,您真的不需要重复太多代码。您也可以参数化dripid并减少代码中的行数。
