SELECT WHERE A=“$var"的奇怪行为;SQL [英] Strange behavior with SELECT WHERE A="$var" SQL

查看:32
本文介绍了SELECT WHERE A=“$var"的奇怪行为;SQL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我寻找了答案,但找不到,因为这里的问题似乎略有不同.

I looked for an answer but could not find it as the issue seems to be slightly different here.

$vid = $_SESSION['ID_Vendor'];
echo "ID: $vid";
$q = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment 
  FROM restaurant res
   INNER JOIN vendor_data vd
  ON vd.ID_Vendor=res.ID_Vendor AND res.ID_Vendor="$vid" ORDER BY business_name ASC';

变量 $vid 确实有一个值(在这种情况下等于 2,但它可能不同),但是,当我专门设置

The variable $vid has indeed a value (equal to 2 in this case, but it could be different), HOWEVER, when I specifically set 

 WHERE res.ID_Vendor=2

我的查询返回正确和预期的值列表,但是当我使用

my query returns the correct and expected list of values, but when, instead, I use 

 WHERE res.ID_Vendor="$vid"

使用$vid",我的值的回声就是空的.

with "$vid", the echo of my values is simply empty.

以下是用于回显输出的完整代码片段.感谢您的帮助.

Below is the full snippet of the code to also echo the output. Thanks for your help.

 $vid = $_SESSION['ID_Vendor'];
 echo "ID: $vid";
 $q = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment 
  FROM restaurant res
   INNER JOIN vendor_data vd
  ON vd.ID_Vendor=sfe.ID_Vendor AND res.ID_Vendor="$vid" ORDER BY   business_name ASC';
 $r = mysqli_query($connection, $q);
 while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) {

  echo '>' . htmlspecialchars($row[0]) . '  ' . htmlspecialchars($row[1]) . '   ' . htmlspecialchars($row[2]) .'</option>';
}

推荐答案

既然我提出了这个想法,我想我应该说明准备语句的使用.

Since I raised the idea, I suppose I should illustrate the use of prepared statements.

使用 mysqli 可以进行如下操作(假设 $connection 已成功初始化):

Using mysqli one would proceed as follows (assuming $connection has been successfully initialized):

// The indentation here is purely a matter of personal preference
$query = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment 
            FROM restaurant res
            INNER JOIN vendor_data vd
              ON vd.ID_Vendor = res.ID_Vendor
            WHERE res.ID_Vendor = ?
            ORDER BY business_name ASC';

$stmt = $connection->prepare($query);
$stmt->bind_param('s', $vid);  // 's' assumes $vid is string; use 'i' for int
$stmt->execute();
$res = $stmt->get_result();
while ($row = $res->fetch_array(MYSQLI_NUM))
{
    echo '>' . htmlspecialchars($row[0]) . '  ' . htmlspecialchars($row[1]) . '   ' . htmlspecialchars($row[2]) .'</option>';
}

使用 PDO 的习惯用法是一样的.记录了 PDO 数据源名称 (DSN) 的格式在线.

$conn = new PDO($dsn, $username, $password); // define these vars elsewhere
$query = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment 
            FROM restaurant res
            INNER JOIN vendor_data vd
              ON vd.ID_Vendor = res.ID_Vendor
            WHERE res.ID_Vendor = :vid
            ORDER BY business_name ASC';
$stmt = $conn->prepare($query);
$stmt->execute(array(':vid' => $vid));
while ($row = $stmt->fetch(PDO::FETCH_NUM))
{
    echo '>' . htmlspecialchars($row[0]) . '  ' . htmlspecialchars($row[1]) . '   ' . htmlspecialchars($row[2]) .'</option>';
}

在这两种情况下,我都将错误处理留给读者作为练习.

In both cases I leave error handling as an exercise for the reader.

这篇关于SELECT WHERE A=“$var"的奇怪行为;SQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆