Php 检索属于会话和用户id的数据
我试图从当前会话中获取数据,并从tbl_bidder中获取字段“bidder_id”,其中字段“accept”的值为Accepted,但我获取该表中所有用户的数据,这不是我想要的。这是我的密码Php 检索属于会话和用户id的数据,php,mysql,Php,Mysql,我试图从当前会话中获取数据,并从tbl_bidder中获取字段“bidder_id”,其中字段“accept”的值为Accepted,但我获取该表中所有用户的数据,这不是我想要的。这是我的密码 <?php } else if (($_SESSION['Usertype']) == 'recruiter') { ?> <table class="table table-hover"> <?php $u_id = $_S
<?php } else if (($_SESSION['Usertype']) == 'recruiter') { ?>
<table class="table table-hover">
<?php
$u_id = $_SESSION['UserID'];
$notifyR = " SELECT bidid, recbid_id, bidder_id, selected, accept FROM tbl_bides WHERE recbid_id = '" . $u_id . "'";
$ResultR = mysql_query($notifyR, $con);
while ($rowR = mysql_fetch_array($ResultR)) {
if ($rowR['accept'] == "Accepted") {
echo "<h3 style='color:#001F7A;'><b>You Have Updates </b><i class='fa fa-bell-o'></i></h3>";
echo $rowR['bidder_id'];
}
$recR = "SELECT users_id, first_name, last_name FROM tbl_users WHERE users_id = '" . $rowR['bidder_id'] . "'";
$recResultB = mysql_query($recR, $con)or die(mysql_error());
while ($rowre = mysql_fetch_array($recResultB)) {
echo " <tr><td>" . $rowre['first_name'] . " " . $rowre['last_name'] . "</td></tr>";
}
}
?>
如果将用户id存储在$\u会话['UserID']中,我希望您可能需要使用以下查询。可能是逻辑错误:并且还使用mysqli_query代替最新php版本中不推荐使用的mysql_query。使用prepared语句的bind param,而不是在查询中直接绑定变量
$recR = "SELECT users_id, first_name, last_name FROM tbl_users WHERE users_id = '" . $_SESSION['UserID'] . "' LIMIT 1";
如果您只想在出价被“接受”时执行第二个查询(选择与给定出价关联的用户),则需要将该代码移动到您的条件语句中:
if ($rowR['accept'] == "Accepted") {
echo "<h3 style='color:#001F7A;'><b>You Have Updates </b><i class='fa fa-bell-o'></i></h3>";
echo $rowR['bidder_id'];
$recR = "SELECT users_id, first_name, last_name
FROM tbl_users
WHERE users_id = '" . $rowR['bidder_id'] . "'";
$recResultB = mysql_query($recR, $con)or die(mysql_error());
while ($rowre = mysql_fetch_array($recResultB)) {
echo " <tr><td>" . $rowre['first_name'] . " " . $rowre['last_name'] . "</td></tr>";
// echo $rowre['users_id'];
}
}
if($rowR['accept']==“Accepted”){
回显“您有更新”;
echo$rowR['bidder_id'];
$recR=“选择用户id、名字、姓氏
来自tbl_用户
其中users_id='”$rowR['bidder_id']。“'”;
$recResultB=mysql\u query($recR,$con)或die(mysql\u error());
while($rowre=mysql\u fetch\u数组($recResultB)){
回显“$rowre[‘姓氏’”。$rowre[‘姓氏’”;
//echo$rowre['users_id'];
}
}
您可能想考虑使用MySQL的新接口,如PDO,并通过使用准备语句或至少输入清洗等技术来保护代码免受SQL注入攻击。
< P> <强> < <强> > /P>
$notifyR = " SELECT bidid, recbid_id, bidder_id, selected, accept FROM tbl_bides WHERE recbid_id = '" . $u_id . "'";
至
$notifyR = " SELECT bidid, recbid_id, bidder_id, selected, accept FROM tbl_bides WHERE recbid_id = '" . $u_id . "' and accept = 'Accepted' ";
在您的查询中添加此项,并在$notifyR中接受='Accepted',请具体说明…您的预期输出是什么?我需要获取“接受”字段所在用户的数据值被接受,并且属于当前会话的数据被记录在修改您的sql查询时使用和accept='Accepted'