这是我在教程中的现有代码:
<fieldset>
<legend><?php echo WORDING_EDIT_USER_DATA; ?></legend>
<p><?php echo WORDING_YOU_ARE_LOGGED_IN_AS . '<b>' . $_SESSION['user_name']; ?></b></p><hr/>
<p>$_SESSION['user_id'] = <?php echo $_SESSION['user_id']; ?></p>
<p>$_SESSION['user_name'] = <?php echo $_SESSION['user_name']; ?></p>
<p>$_SESSION['user_email'] = <?php echo $_SESSION['user_email']; ?></p>
<p>$_SESSION['user_access_level'] = <?php echo $_SESSION['user_access_level']; ?></p>
<p>$_SESSION['user_logged_in'] = <?php echo $_SESSION['user_logged_in']; ?></p><hr/>
<p><?php echo WORDING_PROFILE_PICTURE . '<br/><img src="' . $login->getGravatarImageUrl() ; ?>" /></p>
</fieldset><br/>
<a href="?logout"><?php echo WORDING_LOGOUT; ?></a> | <a href="?edit"><?php echo WORDING_EDIT_USER_DATA; ?></a>
<?php echo (ALLOW_ADMIN_TO_REGISTER_NEW_USER && $_SESSION['user_access_level'] == 255 ? '<br/><a href="?register">'. WORDING_REGISTER_NEW_ACCOUNT .'</a>' : ''); ?>
这是我想在this schema上执行的查询:
SELECT item_title, item_location, item_datetime
FROM item
WHERE user_id = 1;
我对此很新,但这是我正在尝试的,以便显示属于该用户的帖子项目:
<?php
$result = mysql_query('SELECT item_title, item_location, item_datetime
FROM item WHERE user_id = $_SESSION['user_id'] ;');
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
我无法在此查询工作或此代码运行方面取得很大进展。谁能告诉我哪里出错了?
答案 0 :(得分:2)
用此替换您的查询并尝试:
$result = mysql_query('SELECT item_title, item_location, item_datetime
FROM item WHERE user_id ='.$_SESSION['user_id']);
答案 1 :(得分:2)
用double qoutes替换主边界
mysql_query('SELECT item_title, item_location, item_datetime
FROM item WHERE user_id = $_SESSION['user_id'] ;');
到
mysql_query("SELECT item_title, item_location, item_datetime
FROM item WHERE user_id = $_SESSION['user_id'] ;");
答案 2 :(得分:1)
试试这个:
<?php
$result = mysql_query("SELECT item_title, item_location, item_datetime
FROM item WHERE user_id = " .$_SESSION['user_id']. " ;");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
无论如何,你应该转义变量$_SESSION['user_id'],以防止SQL注入。
以下是一些官方文档:
http://php.net/manual/es/security.database.sql-injection.php