基于用户输入的MySQL查询 [英] MySQL query based on user input
本文介绍了基于用户输入的MySQL查询的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个数据库表.我想输入一个文本,用户可以在其中输入"uid",查询将返回与该uid关联的行.
I have a DB table. I want to make a text input where the user can input the "uid" and the query will return the row associated with that uid.
所以说我有这样的东西:
So let's say I have something like this:
$query = "SELECT name,age FROM people WHERE uid = '2' LIMIT 0,1";
$result = mysql_query($query);
$res = mysql_fetch_assoc($result);
echo $res["age"];
我将如何将该查询修改为类似的内容.
how would I modify that query to something like..
SELECT name, age
FROM people
WHERE uid = $_POST['blahblah'] LIMIT 0,1
提前感谢您的帮助!
推荐答案
要保存SQL注入攻击,请使用:
To save from SQL injection attack, use:
$search_query = mysql_real_escape_string($_POST['blahblah']);
$query = "SELECT name, age FROM people WHERE uid = '".$search_query."' LIMIT 0 , 1";
这篇关于基于用户输入的MySQL查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文