我想在PHP中回显所有具有相同userid的classNames。

huangapple go评论78阅读模式
英文:

I want to echo all classNames that have the same userid in php

问题

$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '{$userId1}'";
echo "abc";
if ($result = $mysqli->query($searchQuery)) {
    echo "epic";
    while ($row = $result->fetch_object()) {
        echo $row->ClassName;
    }
}

我正在尝试输出所有在classrooms表中,userId等于会话中的userId的情况。帮助。

这是我们用来跟踪用户教室的表格,我正在使用mysqli。

ClassName  userid
yoink      25
lol        25
haha       6
yoinks     25
yeet       25
yeet1      25

原来,我的帖子主要是代码。所以让我提供一些背景细节。我正在尝试创建一个表格,根据userID显示教室名称。所以用户25将拥有教室yoink,lol,yoinks,yeet和yeet1。但是if语句(我们的查询)实际上并没有执行任何操作。

非常感谢。

英文:

code here :

$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '{$userId1}'";
echo "abc";
if ($mysqli->query($searchQuery) === TRUE) {
    echo "epic";
    while($row = $searchQuery->fetch_object()) {
        echo $row['ClassName'];
    }
} 

I am trying to echo all instances where the userId in the classrooms table is equal to the session userId. HELP.

this is the table that we are using to track the users classrooms I'm using mysqli.

ClassName  userid
yoink      25
lol        25
haha       6
yoinks     25
yeet       25
yeet1      25

Turns out, my post is mostly code. So let me give some background details. I'm trying to make a table that will disply the classroom name depending on the userID. So user 25 will have classrooms yoink,lol,yoinks,yeet, and yeet1. But the if statement (our query) doesn't actually do anything.

Many thanks

答案1

得分: 1

$searchQuery是一个字符串!!! 而不是从$mysqli->query()返回的结果句柄,但您没有捕获它。

所以将代码更改为:

$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '$userId1'";
echo "abc";
if ($result = $mysqli->query($searchQuery) === TRUE) {
    echo "epic";
    while($row = $result->fetch_object()) {
        //echo $row['ClassName'];
        // 你获取了一个对象,所以要将其视为一个对象来处理
        echo $row->ClassName;
    }
}

但请注意 - 重要警告

您的脚本容易受到 SQL 注入攻击 的影响。
即使您转义了输入,也不安全!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)
您应该考虑使用 准备好的参数化语句MYSQLI_PDO API 中,而不是连接的值。

$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];

$sql = "SELECT ClassName FROM classrooms WHERE userid = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('s', $userId1);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_object()) {
    echo $row->ClassName;
}
英文:

$searchQuery is a string!!! And not a result handle which would have been returned from $mysqli->query() but you did not capture it.

So change the code to

$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];
$searchQuery = "SELECT ClassName FROM classrooms WHERE userid = '$userId1'";
echo "abc";
if ($result = $mysqli->query($searchQuery) === TRUE) {
    echo "epic";
    while($row = $result->fetch_object()) {
        //echo $row['ClassName'];
        // you fetch an OBJECT so address it as an object
        echo $row->ClassName;
    }
} 

###However - Big Warning

>Your script is open to SQL Injection Attack.
Even if you are escaping inputs, its not safe!
You should consider using prepared parameterized statements in either the MYSQLI_ or PDO API's instead of concatenated values

$mysqli = new mysqli($servername, $username, $password, $database);
$userId1 = $_SESSION['user']['userId'];

$sql = "SELECT ClassName FROM classrooms WHERE userid = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('s', $userId1);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_object()) {
    echo $row->ClassName;
} 

huangapple
  • 本文由 发表于 2020年1月7日 01:24:18
  • 转载请务必保留本文链接:https://go.coder-hub.com/59616391.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定