使用PHP将会话变量添加到MYSQL查询中

时间:2021-07-31 17:06:34

Im trying to pass two variables into a mysql query, and its getting stuck when passing the session variable in below:

我试图将两个变量传递给一个mysql查询,并在下面传递会话变量时卡住了:

$check = mysql_query("SELECT * 
                      FROM Clients 
                      WHERE Username = '$new_username' 
                      AND Username != '$_SESSION['Username']'") or die(mysql_error());

Any tips? Thanks in advance.

有小费吗?提前致谢。

4 个解决方案

#1

7  

It is because your single quotes '$_SESSION['Username']' have been ended by the value in the session. Changing this to '" . $_SESSION['Username'] . "' will solve the problem.

这是因为你的单引号'$ _SESSION ['Username']'已经被会话中的值结束了。将此更改为'“。$ _SESSION ['Username']。”'将解决问题。

#2

7  

This will work but this is VERY, VERY BAD:

这将工作,但这非常,非常糟糕:

$check = mysql_query("
    SELECT * 
    FROM  Clients 
    WHERE Username = '$new_username' 
    AND   Username != '{$_SESSION['Username']}'
") or die(mysql_error());

This too shall work and recommended way of doing it:

这也是工作和推荐的方式:

$check = mysql_query("
    SELECT * 
    FROM  Clients 
    WHERE Username  = '" . mysql_real_escape_string($new_username) . "' 
    AND   Username <> '" . mysql_real_escape_string($_SESSION['Username']) . "'
") or die(mysql_error());

#3

0  

When you embed arrays in to strings, you have to seperate them by concatenating them or using curly braces.

将数组嵌入到字符串中时,必须通过连接它们或使用花括号来分隔它们。

$string = "text text {$array['key']} text";

or

$string = "text text " . $array['key'] . " text";

#4

0  

Why no one say about "text text $array[key] text" syntax?

为什么没有人说“text text $ array [key] text”语法?

SELECT * 
FROM  Clients 
WHERE Username = '$new_username' 
AND   Username != '$_SESSION[Username]'

#1

7  

It is because your single quotes '$_SESSION['Username']' have been ended by the value in the session. Changing this to '" . $_SESSION['Username'] . "' will solve the problem.

这是因为你的单引号'$ _SESSION ['Username']'已经被会话中的值结束了。将此更改为'“。$ _SESSION ['Username']。”'将解决问题。

#2

7  

This will work but this is VERY, VERY BAD:

这将工作,但这非常,非常糟糕:

$check = mysql_query("
    SELECT * 
    FROM  Clients 
    WHERE Username = '$new_username' 
    AND   Username != '{$_SESSION['Username']}'
") or die(mysql_error());

This too shall work and recommended way of doing it:

这也是工作和推荐的方式:

$check = mysql_query("
    SELECT * 
    FROM  Clients 
    WHERE Username  = '" . mysql_real_escape_string($new_username) . "' 
    AND   Username <> '" . mysql_real_escape_string($_SESSION['Username']) . "'
") or die(mysql_error());

#3

0  

When you embed arrays in to strings, you have to seperate them by concatenating them or using curly braces.

将数组嵌入到字符串中时,必须通过连接它们或使用花括号来分隔它们。

$string = "text text {$array['key']} text";

or

$string = "text text " . $array['key'] . " text";

#4

0  

Why no one say about "text text $array[key] text" syntax?

为什么没有人说“text text $ array [key] text”语法?

SELECT * 
FROM  Clients 
WHERE Username = '$new_username' 
AND   Username != '$_SESSION[Username]'
标签:

相关文章