PHP:如何在mysql语句中插入数组值
我有这个数组,并从一个url获取它。这个数组是我需要传递给mysql的成员idPHP:如何在mysql语句中插入数组值,php,mysql,arrays,Php,Mysql,Arrays,我有这个数组,并从一个url获取它。这个数组是我需要传递给mysql的成员id $member_id = $_GET['member_id']; 这样的数组:array([0]=>1269[1]=>385) 我如何将这个数组转移到我的mysql语句中并生成、成为和: $answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. * FROM tn
$member_id = $_GET['member_id'];
array([0]=>1269[1]=>385)$answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id AND tna_question.category_id = tna_category.id
AND tna_answer.member_id = ['1269' , '385']
ORDER BY tna_answer.question_id");
在这部分中:tna\u answer.member\u id=Array或$member\u id首先拆分数组值,获取数组值中的行数,然后使用for或foreach循环将值逐个传递到查询中。首先拆分数组值,获取数组值中的行数,并使用for或foreach循环将值逐个传递到查询中。首先拆分数组值,获取数组值中的行数,然后使用for或foreach循环将值逐个传递到查询中。首先拆分数组值,获取数组值中的行数,并使用for或foreach循环将值逐个传递到查询中。试试这个
$member_id = $_GET['member_id'];
explodeimplode$member_id = explode(",", $member_id);
answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $member_id).")
ORDER BY tna_answer.question_id");
explodeexplode$member_id = $_GET['member_id'];
explodeimplode$member_id = explode(",", $member_id);
answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $member_id).")
ORDER BY tna_answer.question_id");
explodeexplode$member_id = $_GET['member_id'];
explodeimplode$member_id = explode(",", $member_id);
answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $member_id).")
ORDER BY tna_answer.question_id");
explodeexplode$member_id = $_GET['member_id'];
explodeimplode$member_id = explode(",", $member_id);
answer_sql = mysql_query("SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $member_id).")
ORDER BY tna_answer.question_id");
explodeexplode了解更多详细信息和 您可以像这样在mysql的子句中使用
$your_array = array("0"=>"1269", "1"=>"385");
$in_text = implode(",", $your_array);
$sql = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN ($in_text)
ORDER BY tna_answer.question_id";
您可以像这样在mysql的
$your_array = array("0"=>"1269", "1"=>"385");
$in_text = implode(",", $your_array);
$sql = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN ($in_text)
ORDER BY tna_answer.question_id";
您可以像这样在mysql的
$your_array = array("0"=>"1269", "1"=>"385");
$in_text = implode(",", $your_array);
$sql = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN ($in_text)
ORDER BY tna_answer.question_id";
您可以像这样在mysql的
$your_array = array("0"=>"1269", "1"=>"385");
$in_text = implode(",", $your_array);
$sql = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '$section_id1'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN ($in_text)
ORDER BY tna_answer.question_id";
正如其他人所说,您可以在()中使用
,但您显然会受到SQL注入攻击。您需要这样做:
$escaped_ids = array_map('mysql_real_escape_string', $member_ids);
或者,如果它们确实都是整数
$escaped_ids = array_map('intval', $member_ids);
然后,您可以编写如下查询:
$query = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '" . mysql_real_escape_string($section_id1) . "'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $escaped_ids).")
ORDER BY tna_answer.question_id";
决不,决不,决不在查询中放入未替换的值
此外,您不应该再使用mysql\uuz
函数。请考虑使用<代码> MySqLix函数。 正如其他人所说,您可以在()中使用
,但您显然很容易受到SQL注入攻击。您需要这样做:
$escaped_ids = array_map('mysql_real_escape_string', $member_ids);
或者,如果它们确实都是整数
$escaped_ids = array_map('intval', $member_ids);
然后,您可以编写如下查询:
$query = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '" . mysql_real_escape_string($section_id1) . "'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $escaped_ids).")
ORDER BY tna_answer.question_id";
决不,决不,决不在查询中放入未替换的值
此外,您不应该再使用mysql\uuz
函数。请考虑使用<代码> MySqLix函数。 正如其他人所说,您可以在()中使用
,但您显然很容易受到SQL注入攻击。您需要这样做:
$escaped_ids = array_map('mysql_real_escape_string', $member_ids);
或者,如果它们确实都是整数
$escaped_ids = array_map('intval', $member_ids);
然后,您可以编写如下查询:
$query = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '" . mysql_real_escape_string($section_id1) . "'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $escaped_ids).")
ORDER BY tna_answer.question_id";
决不,决不,决不在查询中放入未替换的值
此外,您不应该再使用mysql\uuz
函数。请考虑使用<代码> MySqLix函数。 正如其他人所说,您可以在()中使用
,但您显然很容易受到SQL注入攻击。您需要这样做:
$escaped_ids = array_map('mysql_real_escape_string', $member_ids);
或者,如果它们确实都是整数
$escaped_ids = array_map('intval', $member_ids);
然后,您可以编写如下查询:
$query = "SELECT tna_category. * , tna_question. *, tna_answer. *
FROM tna_category, tna_question, tna_answer
WHERE tna_category.section_id = '" . mysql_real_escape_string($section_id1) . "'
AND tna_question.id = tna_answer.question_id
AND tna_question.category_id = tna_category.id
AND tna_answer.member_id IN (".implode(",", $escaped_ids).")
ORDER BY tna_answer.question_id";
决不,决不,决不在查询中放入未替换的值
此外,您不应该再使用mysql\uuz
函数。请考虑使用<代码> MySqLix函数。 通过foreach获取数组值并在foreach中传递查询如何在Mysql中执行foreach。对不起,你能教我更多吗?另外,请尝试(1269385)中的tna\u-answer\u-member\u-id
。看,我也这么想。在里面感谢您通过foreach获取数组值并在foreach中传递查询我如何在Mysql中执行foreach。对不起,你能教我更多吗?另外,请尝试(1269385)中的tna\u-answer\u-member\u-id
。看,我也这么想。在里面感谢您通过foreach获取数组值并在foreach中传递查询我如何在Mysql中执行foreach。对不起,你能教我更多吗?另外,请尝试(1269385)中的tna\u-answer\u-member\u-id
。看,我也这么想。在里面感谢您通过foreach获取数组值并在foreach中传递查询我如何在Mysql中执行foreach。对不起,你能教我更多吗?另外,请尝试(1269385)中的tna\u-answer\u-member\u-id
。看,我也这么想。在里面考虑到成员id
数组来自外部输入,这是非常不安全的unsafePDO或MySQLi,准备好的语句和参数绑定。这确实是唯一安全的方法,也是不使用的另一个原因them@Phil你看到了吗。使用mysql\u查询操作,所以不要试图降低任何人的积极性else@Phil您将保护它们免受mysql注入的影响,对吗?考虑到成员id
数组来自外部输入,这是ve