英文:
I want to echo all classNames that have the same userid in php
问题
$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '{$userId1}'";
echo "abc";
if ($result = $mysqli->query($searchQuery)) {
echo "epic";
while ($row = $result->fetch_object()) {
echo $row->ClassName;
}
}
我正在尝试输出所有在classrooms表中,userId等于会话中的userId的情况。帮助。
这是我们用来跟踪用户教室的表格,我正在使用mysqli。
ClassName userid
yoink 25
lol 25
haha 6
yoinks 25
yeet 25
yeet1 25
原来,我的帖子主要是代码。所以让我提供一些背景细节。我正在尝试创建一个表格,根据userID显示教室名称。所以用户25将拥有教室yoink,lol,yoinks,yeet和yeet1。但是if语句(我们的查询)实际上并没有执行任何操作。
非常感谢。
英文:
code here :
$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '{$userId1}'";
echo "abc";
if ($mysqli->query($searchQuery) === TRUE) {
echo "epic";
while($row = $searchQuery->fetch_object()) {
echo $row['ClassName'];
}
}
I am trying to echo all instances where the userId in the classrooms table is equal to the session userId. HELP.
this is the table that we are using to track the users classrooms I'm using mysqli.
ClassName userid
yoink 25
lol 25
haha 6
yoinks 25
yeet 25
yeet1 25
Turns out, my post is mostly code. So let me give some background details. I'm trying to make a table that will disply the classroom name depending on the userID. So user 25 will have classrooms yoink,lol,yoinks,yeet, and yeet1. But the if statement (our query) doesn't actually do anything.
Many thanks
答案1
得分: 1
$searchQuery
是一个字符串!!! 而不是从$mysqli->query()
返回的结果句柄,但您没有捕获它。
所以将代码更改为:
$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '$userId1'";
echo "abc";
if ($result = $mysqli->query($searchQuery) === TRUE) {
echo "epic";
while($row = $result->fetch_object()) {
//echo $row['ClassName'];
// 你获取了一个对象,所以要将其视为一个对象来处理
echo $row->ClassName;
}
}
但请注意 - 重要警告
您的脚本容易受到 SQL 注入攻击 的影响。
即使您转义了输入,也不安全!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)
您应该考虑使用 准备好的参数化语句 在MYSQLI_
或PDO
API 中,而不是连接的值。
$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$sql = "SELECT ClassName FROM classrooms WHERE userid = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('s', $userId1);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_object()) {
echo $row->ClassName;
}
英文:
$searchQuery
is a string!!! And not a result handle which would have been returned from $mysqli->query()
but you did not capture it.
So change the code to
$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '$userId1'";
echo "abc";
if ($result = $mysqli->query($searchQuery) === TRUE) {
echo "epic";
while($row = $result->fetch_object()) {
//echo $row['ClassName'];
// you fetch an OBJECT so address it as an object
echo $row->ClassName;
}
}
###However - Big Warning
>Your script is open to SQL Injection Attack.
Even if you are escaping inputs, its not safe!
You should consider using prepared parameterized statements in either the MYSQLI_
or PDO
API's instead of concatenated values
$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$sql = "SELECT ClassName FROM classrooms WHERE userid = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('s', $userId1);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_object()) {
echo $row->ClassName;
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论