48  

Of course there is. Check out mysql_query, and mysql_fetch_row if you use MySQL.
Example from PHP manual:

当然有。如果你使用MySQL，请查看mysql_query和mysql_fetch_row。 PHP手册示例：

<?php
$result = mysql_query("SELECT id,email FROM people WHERE id = '42'");
if (!$result) {
    echo 'Could not run query: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($result);

echo $row[0]; // 42
echo $row[1]; // the email value
?>

5  

There are a couple of mysql functions you need to look into.

你需要研究几个mysql函数。

• mysql_query("query string here") : returns a resource
• mysql_query（“query string here”）：返回一个资源

• mysql_fetch_array(resource obtained above) : fetches a row and return as an array with numerical and associative(with column name as key) indices. Typically, you need to iterate through the results till expression evaluates to false value. Like the below:

  mysql_fetch_array（上面获得的资源）：获取一行并以数字和关联（以列名作为键）索引作为数组返回。通常，您需要遍历结果，直到表达式计算为false值。如下所示：

  while ($row = mysql_fetch_array($query)){
      print_r $row;
  }

  Consult the manual, the links to which are provided below, they have more options to specify the format in which the array is requested. Like, you could use mysql_fetch_assoc(..) to get the row in an associative array.

  请参阅手册，下面提供的链接，他们有更多选项来指定请求数组的格式。比如，您可以使用mysql_fetch_assoc（..）来获取关联数组中的行。

Links:

链接：

• http://php.net/manual/en/function.mysql-query.php
• http://php.net/manual/en/function.mysql-query.php
• http://php.net/manual/en/function.mysql-fetch-array.php
• http://php.net/manual/en/function.mysql-fetch-array.php

In your case,

在你的情况下，

$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=mysql_query($query);
if (!$result){
    die("BAD!");
}
if (mysql_num_rows($result)==1){
    $row = mysql_fetch_array($result);
    echo "user Id: " . $row['userid'];
}
else{
    echo "not found!";
}

2  

$query="SELECT * FROM contacts";
$result=mysql_query($query);

-1  

I personally use prepared statements.

我个人使用准备好的陈述。

Why is it important?

它为什么如此重要？

Well it's important because of security. It's very easy to do an SQL injection on someone who use variables in the query.

因为安全，这很重要。对在查询中使用变量的人进行SQL注入非常容易。

Instead of using this code:

而不是使用此代码：

$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=$conn->query($query);

You should use this

你应该用它

$stmt = $this->db->query("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password); //You need the variables to do something as well.
$stmt->execute();

Learn more about prepared statements on:

了解有关预备语句的更多信息：

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php MySQLI

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php MySQLI

http://php.net/manual/en/pdo.prepared-statements.php PDO

http://php.net/manual/en/pdo.prepared-statements.php PDO

-1  

$query    =    "SELECT username, userid FROM user WHERE username = 'admin' ";
$result    =    $conn->query($query);

if (!$result) {
  echo 'Could not run query: ' . mysql_error();
  exit;
}

$arrayResult    =    mysql_fetch_array($result);

//Now you can access $arrayResult like this

$arrayResult['userid'];    // output will be userid which will be in database
$arrayResult['username'];  // output will be admin

//Note- userid and username will be column name of user table.