Php 不确定mysql查询
我想知道这是否正确?我有一种感觉,它不是,并想知道最好的方法来修复它Php 不确定mysql查询,php,mysql,Php,Mysql,我想知道这是否正确?我有一种感觉,它不是,并想知道最好的方法来修复它 $query= mysql_num_rows(mysql_query("SELECT * FROM members WHERE email='$email'")); while ($row = mysql_fetch_array($query)) { $firstname = $row['firstname']; } 谢谢。哪里需要mysql\u num\u行?我非常怀疑这会奏效。我猜你不能组合mysql函数,但不能
$query= mysql_num_rows(mysql_query("SELECT * FROM members WHERE email='$email'"));
while ($row = mysql_fetch_array($query)) {
$firstname = $row['firstname'];
}
谢谢。哪里需要mysql\u num\u行?我非常怀疑这会奏效。我猜你不能组合mysql函数,但不能确定,因为我已经多年没有使用mysql函数了,你也不应该,因为它们已经被弃用了。尝试使用mysqli 哪里需要mysql\u num\u行?我非常怀疑这会奏效。我猜你不能组合mysql函数,但不能确定,因为我已经多年没有使用mysql函数了,你也不应该,因为它们已经被弃用了。尝试使用mysqli
$query= mysql_num_rows(mysql_query("SELECT * FROM members WHERE email='$email'"));
应该是
$query=mysql_query("SELECT * FROM members WHERE email='$email'");
应该是
$query=mysql_query("SELECT * FROM members WHERE email='$email'");
您正在将行数分配给
$query
,而您应该分配mysql\u query()
的返回值,因为mysql\u fetch\u array()
需要一个结果标识符作为其参数
其他问题:
- 使用不推荐使用的MySQL库。考虑升级到PDO或MySQL LI/LI>
- 未显示
的来源,但可能存在SQL注入漏洞。在PDO或MySQLi中使用准备好的语句来防止这种情况$email
- 在尝试获取行之前,请检查返回值。如果查询失败,则将布尔值传递给
mysql\u fetch\u array()
$db = new mysqli('localhost', 'user', 'pass', 'dbname');
if($stmt = $db->prepare('SELECT * FROM members WHERE email = ?')){
$stmt->bind_param('s', $email);
$stmt->execute();
if($result = $stmt->get_result()){
while ($row = $result->fetch_assoc()){
$firstname = $row['firstname'];
}
}
}
您正在将行数分配给
$query
,而您应该分配mysql\u query()
的返回值,因为mysql\u fetch\u array()
需要一个结果标识符作为其参数
其他问题:
- 使用不推荐使用的MySQL库。考虑升级到PDO或MySQL LI/LI>
- 未显示
的来源,但可能存在SQL注入漏洞。在PDO或MySQLi中使用准备好的语句来防止这种情况$email
- 在尝试获取行之前,请检查返回值。如果查询失败,则将布尔值传递给
mysql\u fetch\u array()
$db = new mysqli('localhost', 'user', 'pass', 'dbname');
if($stmt = $db->prepare('SELECT * FROM members WHERE email = ?')){
$stmt->bind_param('s', $email);
$stmt->execute();
if($result = $stmt->get_result()){
while ($row = $result->fetch_assoc()){
$firstname = $row['firstname'];
}
}
}
MySQL:
$query= mysql_query("SELECT * FROM members WHERE email='$email'");
while ($row = mysql_fetch_array($query)) {
$firstname = $row['firstname'];
}
$mysqli = new mysqli("localhost", "root_user", "root_password", "database_name");
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
if ($result = $mysqli->query("SELECT * FROM members WHERE email ='$email'")) {
while ($row = $result->fetch_array(MYSQLI_ASSOC)){
$firstname = $row['firstname'];
}
$result->close();
}
$mysqli->close();
MySQLi:
$query= mysql_query("SELECT * FROM members WHERE email='$email'");
while ($row = mysql_fetch_array($query)) {
$firstname = $row['firstname'];
}
$mysqli = new mysqli("localhost", "root_user", "root_password", "database_name");
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
if ($result = $mysqli->query("SELECT * FROM members WHERE email ='$email'")) {
while ($row = $result->fetch_array(MYSQLI_ASSOC)){
$firstname = $row['firstname'];
}
$result->close();
}
$mysqli->close();
MySQL:
$query= mysql_query("SELECT * FROM members WHERE email='$email'");
while ($row = mysql_fetch_array($query)) {
$firstname = $row['firstname'];
}
$mysqli = new mysqli("localhost", "root_user", "root_password", "database_name");
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
if ($result = $mysqli->query("SELECT * FROM members WHERE email ='$email'")) {
while ($row = $result->fetch_array(MYSQLI_ASSOC)){
$firstname = $row['firstname'];
}
$result->close();
}
$mysqli->close();
MySQLi:
$query= mysql_query("SELECT * FROM members WHERE email='$email'");
while ($row = mysql_fetch_array($query)) {
$firstname = $row['firstname'];
}
$mysqli = new mysqli("localhost", "root_user", "root_password", "database_name");
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
if ($result = $mysqli->query("SELECT * FROM members WHERE email ='$email'")) {
while ($row = $result->fetch_array(MYSQLI_ASSOC)){
$firstname = $row['firstname'];
}
$result->close();
}
$mysqli->close();
请不要使用mysql,开始使用mysqli或PDO,因为mysql功能现在已经贬值了。 对于您的查询,以下是一个示例:
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // The Connection
$query = "SELECT * FROM members WHERE email ='$email'"; // MySQL Query
$data = mysqli_query($dbc, $query); // Perform the Query
$row = mysqli_fetch_array($data); // Work with the data using $row
$firstname = $row['firstname'];
要显示输出,请执行以下操作:
while($row = mysqli_fetch_array($data)) {
// do something to echo
}
请不要使用mysql,开始使用mysqli或PDO,因为mysql功能现在已经贬值了。 对于您的查询,以下是一个示例:
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // The Connection
$query = "SELECT * FROM members WHERE email ='$email'"; // MySQL Query
$data = mysqli_query($dbc, $query); // Perform the Query
$row = mysqli_fetch_array($data); // Work with the data using $row
$firstname = $row['firstname'];
要显示输出,请执行以下操作:
while($row = mysqli_fetch_array($data)) {
// do something to echo
}
你试过了吗?当你这样做时会发生什么?这将告诉您是否正确。是的,您的代码是错误的,这部分:“$query=mysql\u num\u rows(mysql\u query(”官方建议使用Sql注入和使用不推荐的mysql而不是mysqli或pdo.mysqli,因为在最新版本的php中,mysql是不推荐的。这是值得一读的:。您尝试过吗?当您尝试时会发生什么?这将告诉您是否正确。是的,您的代码是错误的,这部分:$query=mysql_num_rows(mysql_query()官方建议使用Sql注入和使用不推荐的mysql而不是mysqli或pdo.mysqli,因为在最新版本的php中,mysql是不推荐使用的。这值得一读:.+1用于回答问题,而不是使用代码建议脱离主题。现在很少见到。+1用于回答问题,而不是脱离主题代码推荐。现在很少见到。@user3495551添加了示例。@user3495551添加了示例。