PHP,管理员用户系统
我想知道你是否认为这是可能的: 好的,我有一个存储用户名的数据库,我想回显一个名为admins.php的文件中的管理员,如果他们匹配到目前为止我得到的数据库中的用户名:PHP,管理员用户系统,php,Php,我想知道你是否认为这是可能的: 好的,我有一个存储用户名的数据库,我想回显一个名为admins.php的文件中的管理员,如果他们匹配到目前为止我得到的数据库中的用户名: admins.php; $admins = array("username","username2","username3"); 及 while循环应该能够响应与admins.php文件匹配的用户。我想我应该使用类似(inarray())的东西,但我真的不确定。如果您希望语法只从$admins数组中拉入用户,那么您可以使用类似
admins.php;
$admins = array("username","username2","username3");
while循环应该能够响应与admins.php文件匹配的用户。我想我应该使用类似(inarray())的东西,但我真的不确定。如果您希望语法只从
$admins用户$users="SELECT username FROM usrsys WHERE username IN ('".join("','",$admins)."')";
<?php
while($row = mysql_fetch_assoc($query_users)){
if(in_array($row['username'],$admins)){
//do admin stuff here
}else{
//do NON-admin stuff here
}
}?>
JOINusername、username2、username3SELECT username FROM usrsys WHERE username IN ('username','username2','username3')
$query\u vars$users="SELECT username FROM usrsys WHERE username IN ('".join("','",$admins)."')";
<?php
while($row = mysql_fetch_assoc($query_users)){
if(in_array($row['username'],$admins)){
//do admin stuff here
}else{
//do NON-admin stuff here
}
}?>
只需包含admins.php文件,并在循环中使用下一个构造:
while ($row = mysql_fetch_array($users)) {
if (in_array($users[0], $admins))
echo $users[0];
}
<?php
# include admins.php file that holds the admins array
include "admins.php";
# join all values in the admins array using "," as a separator (to use them in the sql statement)
$admins = join(",", $admins);
# execute the query
$result = mysql_query("
SELECT username
FROM usrsys
WHERE username IN ($admins)
");
if ($result) {
while ($row = mysql_fetch_array($result)) {
echo $row["username"] . "<br>";
}
}
?>
您应该在SQL中使用
IN选择COUNT(username)$admins = array("username","username2","username3");
// Make sure you properly escape your data before you put in your SQL
$list = array_map('mysql_real_escape_string', $admins);
// You're going to need to quote the strings as well before they work in your SQL
foreach ($list as $k => $v) $list[$k] = "'$v'";
$list = implode(',', $list);
$users = "SELECT COUNT(username) FROM usrsys WHERE username IN($list)";
$query_users = mysql_query($users);
if (!$query_users) {
echo "Huston we have a problem! " . mysql_error(); // Basic error handling (DEBUG ONLY)
exit;
}
if (false === $result = mysql_fetch_row($query_users)) {
echo "Huston we have a problme! " . mysql_error(); // Basic error handling (DEBUG ONLY)
}
if ($result[0] == count($admins)) {
echo "All admins found! We have {$result[0]} admins in the table... Mission complete. Returning to base, over...";
}
计数然而,我真的敦促您重新考虑使用旧的ext/mysql API与PHP中的mysql数据库进行接口,因为它已经被弃用了,并且在相当长的一段时间内不被使用。我强烈建议您开始使用新的替代API,如PDO或MySQLi,并参阅手册中的指南以获得选择API的帮助 例如,在PDO中,这个过程对于准备好的语句和参数化查询非常简单,因为您不必担心所有这些转义 在(示例#5)中有一个示例演示了如何在准备好的语句中使用in子句。。。然后,您可以在代码中的其他位置重用此语句,它提供了性能优势,同时也使您更难无意中暴露SQL注入漏洞
// Connect to your database
$pdo = new PDO("mysql:dbname=mydb;host=127.0.0.1", $username, $password);
// List of admins we want to find in the table
$admins = array("username","username2","username3");
// Create the place holders for your paratmers
$place_holders = implode(',', array_fill(0, count($admins), '?'));
// Create the prepared statement
$sth = $dbh->prepare("SELECT username FROM usrsys WHERE username IN ($place_holders)");
// Execute the statement
$sth->execute($admins);
// Iterate over the result set
foreach ($sth->fetchAll(PDO::FETCH_ASSOC) as $row) {
echo "We found the user name: {$row['username']}!\n";
}
您的PHP代码使用PDO时甚至看起来更好:)join thing看起来更接近我想要的东西,但是当我回显$users并尝试将其用作phpmyadmin中的SQL命令时,它在“where子句”中显示未知列“username”,啊,我想我知道为什么,这是因为用户未在数据库中注册。编辑:事实上,我现在尝试了一个实际用户,结果还是一样的。原因是您必须像引用SQL代码中的任何字符串一样引用
inmysql\uuz