Php 为什么不在我的代码中工作?
为什么不在我的代码中工作Php 为什么不在我的代码中工作?,php,mysql,Php,Mysql,为什么不在我的代码中工作 <?PHP $id_user = array('aaa' , 'bbb'); $ids = join(',',$id_user); $sql = "SELECT * FROM users WHERE username IN ($ids) order by id asc"; $result = mysql_query($sql); $tcount = mysql_num_rows($result); $i = 0; $number = 0; while($i&l
<?PHP
$id_user = array('aaa' , 'bbb');
$ids = join(',',$id_user);
$sql = "SELECT * FROM users WHERE username IN ($ids) order by id asc";
$result = mysql_query($sql);
$tcount = mysql_num_rows($result);
$i = 0;
$number = 0;
while($i<$tcount)
{
$number++;
mysql_data_seek($result,$i);
$datas=mysql_fetch_array($result);
{
$id = stripslashes(str_replace('\r\n', '<br>',($datas['id'])));
echo $id;
echo "<br>";
}
$i++;
$count++;
}
?>
您的用户名是字符串,因此应该用引号括起来
$id_user = array('aaa' , 'bbb');
$ids = join(',', array_map(function($v) {
return sprintf('"%s"', mysql_real_escape_string($v));
}, $id_user));
$sql = "SELECT * FROM users WHERE username IN ($ids) order by id asc";
// here goes the rest of your code
$ids = join("','",$id_user);
$sql = "SELECT * FROM users WHERE username IN ('$ids') order by id asc";
你不能逃避你的用户名。在aaa中,bbb是无效的SQL、use等。您好,SQL注入的可能性