英文:
sql query in php does not return the value in stored in the table but does correctly in phpmyadmin
问题
I'm trying to set ID as a session variable however I cannot manage to retrieve the ID value from the 'Users' table using an SQL statement, the retrieved value is 1 no matter what field you try to SELECT e.g. I've tried with Firstname instead if ID in the SQL statement.
这段代码的问题是,无论尝试选择哪个字段,都无法从 'Users' 表中检索到正确的 ID 值,始终返回 1。例如,我已经尝试在 SQL 语句中选择 Firstname 而不是 ID。
This is the example of code in my Php page:
这是我的 Php 页面中的代码示例:
$sql = "SELECT `ID` FROM `Users` WHERE `Username` = '$username' AND `Password` = '$password'";
echo $sql;
$result = mysqli_multi_query($link,$sql);
echo $result;`
On the webpage it returns:
在网页上返回:
> SELECT `ID` FROM `Users` WHERE `Username` = 'x' AND `Password` = 'x'1
This shows that it has the correct SQL statement but the value returned should be the ID not 1.
这显示它具有正确的 SQL 语句,但返回的值应该是 ID,而不是 1。
It could be that maybe it returns how many rows that contains those values?
可能是因为它返回了包含这些值的行数?
However, when I put the same query into PhpMyAdmin (with the correct values for the variables) it returns the correct ID. ID is auto increment maybe this could have something to do with it?
但是,当我将相同的查询放入 PhpMyAdmin(使用变量的正确值)时,它返回了正确的 ID。ID 是自增字段,这可能与此有关。
英文:
I'm trying to set ID as a session variable however I cannot manage to retrieve the ID value from the 'Users' table using an SQL statement, the retrieved value is 1 no matter what field you try to SELECT
e.g. I've tried with Firstname instead if ID in the SQL statement.
This is the example of code in my Php page:
$sql = "SELECT `ID` FROM `Users` WHERE `Username` = '$username' AND `Password` = '$password'";
echo $sql;
$result = mysqli_multi_query($link,$sql);
echo $result;`
On the webpage it returns:
> SELECT `ID` FROM `Users` WHERE `Username` = 'x' AND `Password` = 'x'1
This shows that it has the correct SQL statement but the value returned should be the ID not 1.
It could be that maybe it returns how many rows that contains those values?
However, when I put the same query into PhpMyAdmin (with the correct values for the variables) it returns the correct ID. ID is auto increment maybe this could have something to do with it?
答案1
得分: 0
mysqli_multi_query() 在您的情况下并不是最佳选择。根据文档,它执行一个或多个数据库查询操作。
文档指出mysqli_multi_query() 的返回值是false,如果第一个语句执行失败(假设它执行成功的话,可能返回true或类似于您收到的1的兼容值)。
根据文档,对于生成结果集的查询,如SELECT、SHOW、DESCRIBE或EXPLAIN,可以使用mysqli_use_result()或mysqli_store_result()来检索结果集。
我还注意到您在构建查询时使用了字符串连接,这可能会导致不想要的SQL注入问题。
以下是您可以采取的示例代码:
<?php
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);
$sql = 'SELECT `ID` FROM `Users` WHERE `Username` = ? AND `Password` = ?';
$stmt = mysqli_prepare($link, $sql);
mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
if (mysqli_stmt_execute($stmt)) {
if (($result = mysqli_stmt_get_result ($stmt)) && mysqli_num_rows($result)) {
$data = mysqli_fetch_array($result);
$id = $data[0];
}
}
英文:
mysqli_multi_query() is not the best choiche in your case. As documentation, it Performs one or more queries on the database.
The documentation says that the return value of mysqli_multi_query() is false if the first statement failed (and let suppose that is true or it's a compatible value like the 1 you received, if the execution has not failed).
From the documentation we know that For queries which produce a result set, such as SELECT, SHOW, DESCRIBE or EXPLAIN, mysqli_use_result() or mysqli_store_result() can be used to retrieve the result set.
I also notice that you are using string concatenation to compose the query, that can cause not wanted sql injection
This can be an example of how you can proceed:
<?php
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);
$sql = 'SELECT `ID` FROM `Users` WHERE `Username` = ? AND `Password` = ?';
$stmt = mysqli_prepare($link, $sql);
mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
if (mysqli_stmt_execute($stmt)) {
if (($result = mysqli_stmt_get_result ($stmt)) && mysqli_num_rows($result)) {
$data = mysqli_fetch_array($result);
$id = $data[0];
}
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论