基于用户输入的MySQL查询 [英] MySQL query based on user input

问题描述

我有一个数据库表.我想输入一个文本，用户可以在其中输入"uid"，查询将返回与该uid关联的行.

I have a DB table. I want to make a text input where the user can input the "uid" and the query will return the row associated with that uid.

所以说我有这样的东西:

So let's say I have something like this:

$query = "SELECT name,age FROM people WHERE uid = '2' LIMIT 0,1";
$result = mysql_query($query);
$res = mysql_fetch_assoc($result);

echo $res["age"];

我将如何将该查询修改为类似的内容.

how would I modify that query to something like..

SELECT name, age 
  FROM people 
 WHERE uid = $_POST['blahblah'] LIMIT 0,1

提前感谢您的帮助！

推荐答案

要保存SQL注入攻击，请使用:

To save from SQL injection attack, use:

$search_query = mysql_real_escape_string($_POST['blahblah']);

$query  = "SELECT name, age FROM people WHERE uid = '".$search_query."' LIMIT 0 , 1";

这篇关于基于用户输入的MySQL查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！