如何为MySQL表选择列并将其与PHP变量进行比较_Php_Mysqli

如何为MySQL表选择列并将其与PHP变量进行比较

php

如何为MySQL表选择列并将其与PHP变量进行比较,php,mysqli,Php,Mysqli,我试图比较我导入到脚本中的MySQL表列，并将其与我定义的PHP值进行比较我试图创建一个if循环，检查列中的任何值是否等于变量 // Connect to database containing order information $servername = "server"; $username = "user"; $password = "pass"; // Create connection $conn = new mysqli($servername,$username,$pass

我试图比较我导入到脚本中的MySQL表列，并将其与我定义的PHP值进行比较

我试图创建一个if循环，检查列中的任何值是否等于变量

// Connect to database containing order information

$servername = "server";
$username = "user";
$password = "pass";

// Create connection
$conn = new mysqli($servername,$username,$password);

// Check connection
if ($conn->connect_error)
{
    die("Connection failed: " . $conn->connect_error);
}

// define variables and set to empty values
$name = $ordernumber = "";

// Load up data from the form

$ordernumber = ($_POST['order_number']);

// Get SQL info
$sql = "SELECT order_number FROM p_orders;";
if ($conn->query($sql) === TRUE)
{
    echo "Checked Orders.....";
}
else
{
    echo "Failed to check orders, please contact Support for assistance" . $conn->error;
}

// Checking Script 

if ($ordernumber === $orders)
{
    echo "Order Number Found.... Let's Select a Seat";
}
else
{
    echo "Your Order was not found, either you did not order a reservation ticket, have not waited 3 days or you entered the number wrong. If issues persist then please contact Support."
    };

脚本的结尾部分应该是这样的

$stmt =  $mysqli->stmt_init();
if ($stmt->prepare('SELECT order_number FROM p_orders WHERE orderID = ?')) {
    $stmt->bind_param('s',$_POST['order_number']); // i if order number is int
    $stmt->execute();
    $stmt->bind_result($order_number);
    $stmt->fetch();
    if (!empty($order_number))
        echo "Order Number Found.... Let's Select a Seat";
    }else {
        echo "Your Order was not found...";
    }    
    $stmt->close();
}
$mysqli->close();

…请注意，查询现在只查找匹配的记录，并注意使用prepared语句使post变量不受SQL注入的影响

从SQL中只收集匹配项的原因是，否则，如果您有一百万条记录，数据库将返回所有记录，然后PHP将需要遍历它们（这可能会导致最大执行、内存和其他错误）。取而代之的是数据库，它是用来查找这样的东西的——注意，在这个字段上建立一个索引是很好的，并且建议使用“youtube风格”的id，这就是为什么我假设使用一个字符串，而不是变量Mingth所暗示的数字——而不是“id”，这是出于很多原因。。。我添加了一个链接来解释“youtube风格”id，我在这里不详细介绍，但使用该链接可以获得很多好处：）

更新基于

（YouTube视频ID会用完吗？）

$mysqli = new mysqli("localhost", "my_user", "my_password", "my_db");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$name = "";       
// Load up data from the form  
$ordernumber = $_POST['order_number'];  

/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT COUNT(*) FROM p_orders WHERE orderID=?")) { 

    /* bind parameters for markers */
    $stmt->bind_param("i", $ordernumber ); // "i" if order number is integer, "s" if string

    /* execute query */
    $stmt->execute();

    /* bind result variables */
    $stmt->bind_result($counter);

    /* fetch value */
    $stmt->fetch();

        if ($counter>0) { // if order id is in array or id's
            echo "Order Number Found.... Let's Select a Seat";    
        } else {
            echo "Your Order was not found, either you did not order a reservation ticket, have not waited 3 days or you entered the number wrong. If issues persist then please contact Support."
        }

    /* close statement */
    $stmt->close();
}

/* close connection */
$mysqli->close();

mysqli