php Select语句中的PHP变量
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3476108/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Variable in Select Statement
提问by mikepenz
I've written this PHP-Script which is working, and now I want to change the row name into a variable to (not sure if row is correct), I mean the "name" from the select name... I've tried nearly everything, but nothing gave me the right result. I know that the normal thing how I can use variables in a statement like ("'. $var .'") won't work.
我已经编写了这个正在运行的 PHP 脚本,现在我想将行名称更改为一个变量(不确定行是否正确),我的意思是选择名称中的“名称” ......我已经尝试了几乎所有的方法,但没有给我正确的结果。我知道如何在像 ("'. $var .'") 这样的语句中使用变量的正常做法是行不通的。
<?php
require_once 'config.php';
$id = $_GET["id"]; //ID OF THE CURRENT CONTACT
$user = $_GET["user"]; //ID OF THE CURRENT USERS
$query = mysql_query("SELECT name FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->name;
$retval = trim($retval);
echo $retval;
?>
采纳答案by Izzy
This is much easier isn't it?
这要容易得多不是吗?
$sql_insert =
"INSERT INTO customers (
`name`,
`address`,
`email`,
`phone`
)
VALUES (
'$name',
'$address',
'$email',
'$phone'
)";
回答by Aivar
You can usi it something like this. Currently i assume you get only one row back and want to use only one field.
你可以像这样使用它。目前我假设您只返回一行并且只想使用一个字段。
<?php
require_once 'config.php';
$id = $_GET["id"]; //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"]; //ID DES DERZEITIGEN USERS
//Use variable inside closures `` and just in case escape it, depends how you get variable
$query = mysql_query("SELECT `".mysql_real_escape_string($variable)."` FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
if (!$query) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($query); //Retriev first row, with multiple rows use mysql_fetch_assoc
$retval = $row['0']; //Retriev first field
$retval = trim($retval);
echo $retval;
?>
回答by wimvds
Is it this you're looking for? Even your question in German isn't that clear to me :
这是你要找的吗?甚至你的德语问题对我来说也不是那么清楚:
$field = 'name';
$query = mysql_query("SELECT $field FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->$field;
回答by tdammers
- Please post in English. Everyone else does.
- Try using a different fetch method - fetch an associative array, then use the dynamic parameter to retrieve whatever column it is you need.
- Have you considered using PDO?
- 请用英文发帖。其他人都这样。
- 尝试使用不同的提取方法 - 提取关联数组,然后使用动态参数检索您需要的任何列。
- 您是否考虑过使用 PDO?
回答by Peter O'Callaghan
I believe you are confusing matters (unintentionally) due to your use of the word 'row'. Judging by your example you mean field/column. It sounds like you wish to specify the fields to select using a variable which can be done by any of these methods...
由于您使用了“行”这个词,我相信您(无意中)混淆了问题。从你的例子来看,你的意思是字段/列。听起来您希望使用可以通过任何这些方法完成的变量来指定要选择的字段......
$fields = "name, age";
$sql = "SELECT $fields FROM table";
$sql = "SELECT {$fields} FROM table";
$sql = "SELECT ".$fields." FROM table";
NBit is important that you have secure date in the $fields element, I would suggest using a whitelist of allowed values i.e.
注意,在 $fields 元素中有安全日期很重要,我建议使用允许值的白名单,即
// assuming $_POST['fields'] looks something like array('name','age','hack');
$allowed = array('name', 'age');
$fields = array();
foreach ($_POST['fields'] as $field) {
if (in_array($field, $allowed)) {
$fields[] = $field;
}
$fields = implode(', ', $fields);
回答by Andrei Serdeliuc ?
Wouldn't this work?
这行不通?
$result = mysql_fetch_array($query);
echo trim($result['name']);
回答by Your Common Sense
You should never put a variable into field list.
If want a variable field name, select *
and then use your variable to fetch particular field
您永远不应该将变量放入字段列表中。
如果想要一个变量字段名称,请选择 * 然后使用您的变量来获取特定字段
<?php
require_once 'config.php';
$id = mysql_real_escape_string($_GET["id"]); //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"]; //ID DES DERZEITIGEN USERS
$query = "SELECT * FROM contacts WHERE contact_id='$id' and user_id='1'";
$result = mysql_query($query) or trigger_error(mysql_error().$query);
$row = mysql_fetch_array($result);
//and finally
$fieldname = "name";
$retval = $row[$fieldname];
echo $retval;
?>
