How to return ordered data from the database

Time: 2012-06-16 17:33:29

Tags: php mysql

Say I have a MySQL database table with 4 fields:

  • link_id (primary key)
  • page_id
  • anchor_text
  • url

My data looks like this:

link_id | page_id | anchor_text | url 
1       | 1       | Link One    | http://www.one.com
2       | 1       | Link Two    | http://www.two.com
3       | 2       | Link Three  | http://www.three.com

How would I best write a function to get the links for a given page, and then use that function to display them?

Function:

    function get_page_links($page_id) {

        $db = new mysqli("localhost", "root", "root", "my_db");

        //what's next?

        }

Usage:

$my_links = get_page_links(1);

//do something to parse $my_links

Display:

<a href="http://www.one.com">Link One</a>
<a href="http://www.two.com">Link Two</a>

2 answers:

Answer 0: (score: 2)

$q = "SELECT *";
$q.= " FROM yourtablename";
$q.= " WHERE `page-id` = ".(int)$page_id;
$q.= " ORDER BY `link-id`";

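The backticks may not be necessary, but I threw them in there because you have hyphens in your field names.

Note that there is very basic validation here. By casting $page_id to an int before appending it, you ensure that it won't be some sort of injection attack. It's not a great way of doing it, but it will work.

Something like mysqli_real_escape_string() is an alternative that should be considered, especially for more general sanitization.

Alternatively: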

$q = sprintf("SELECT *
              FROM yourtablename
              WHERE `page-id` = %d
              ORDER BY `link-id`", $page_id);

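Which I prefer.


Edit: What now?

First, let's not use mysqli; let's use PDO.

Second, we don't want to connect to the database every time the function is called; we want to do that once. So move it out of the function.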

// Typically this line is in another file and included once, but for now let's just
//  get this out of the function
$db = new PDO('mysql:host=localhost;dbname=my_db', 'root', 'root');

// Your function
function get_page_links($page_id) {
    // The connection is created outside the function, so bring it into scope
    global $db;
    // Build query
    $q = sprintf("SELECT *
                  FROM yourtablename
                  WHERE `page-id` = %d
                  ORDER BY `link-id`", $page_id);
    // Run Query
    foreach ($db->query($q) as $a) {
        // Escape database values before writing them into HTML
        printf('<a href="%s">%s</a>'."\n",
               htmlspecialchars($a['url'], ENT_QUOTES),
               htmlspecialchars($a['anchor-text'], ENT_QUOTES));
    }
}

Answer 1: (score: 2)

Looks like a fairly simple query to me

SELECT *
    FROM `links_table`
    WHERE `page_id` = $page_id
    ORDER BY `link_id` ASC;

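This is of course assuming that $page_id is not from user input and is safely sanitized. If it's not, you should use prepared statements.

See Executing Statements on MySQLi to learn how to handle the results generated by this query.


I'm not familiar with MySQLi, as I prefer PDO. In PDO, I would do something like this: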

<?php

/**
 * @param integer $page_id
 * @param PDO     $db
 *
 * @return array
 */
/*
 * First, we give the function the database connection object as an argument.
 * A function to get the page links shouldn't care where you got the connection from!
 */
function get_page_links($page_id, PDO $db) {
    $query = <<<MySQL
SELECT *
    FROM `links_table`
    WHERE `page_id` = :page_id
    ORDER BY `link_id` ASC;
MySQL;
    /*
     * Prepare the query and bind all values to placeholders
     */
    $stmt  = $db->prepare($query);
    $stmt->bindValue(":page_id", $page_id, PDO::PARAM_INT);

    $stmt->execute();

    /*
     * Fetch all results to an array, and return it
     */
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return $result;
}

try {
    /*
     * Start new PDO connection for the function
     */
    $db = new PDO("mysql:host=localhost;dbname=database_name", "user", "password");
    //This line tells PDO to throw PDOExceptions in case of errors,
    //which are much easier to handle
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    //This line disables PDO's default emulation for prepared statements. Adds security.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    $links = get_page_links(1, $db);
}
catch (PDOException $e) {
    die("There has been an error with the database: " . $e->getMessage());
}

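foreach ($links as $link) {
    // Escape values from the database before placing them in HTML
    $url  = htmlspecialchars($link["url"], ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars($link["anchor_text"], ENT_QUOTES, 'UTF-8');
    echo "<a href='{$url}'>{$text}</a>";
}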
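
The two answers differ on how $page_id reaches the query (an int cast versus a bound parameter). The following is an added example, not code from either answer, that compares the cast with strict validation over a few constructed inputs, then queries with a bound parameter and escapes the output. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for the MySQL table so the script runs offline, the table name links_table is taken from Answer 1, and parse_page_id() and render_link() are hypothetical helper names.

```php
<?php
// Added example: SQLite in memory stands in for the page's MySQL table so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links_table (link_id INTEGER PRIMARY KEY, page_id INTEGER, anchor_text TEXT, url TEXT)');
// Constructed sample rows; the second anchor text contains markup on purpose.
$rows = [
    [1, 'Link One', 'http://www.one.com'],
    [1, 'Link <b>Two</b>', 'http://www.two.com'],
    [2, 'Link Three', 'http://www.three.com'],
];
$ins = $db->prepare('INSERT INTO links_table (page_id, anchor_text, url) VALUES (?, ?, ?)');
foreach ($rows as $r) { $ins->execute($r); }

/** Strict check: accepts only a whole positive integer, otherwise returns null. */
function parse_page_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Bound-parameter query; returns the page's links in link_id order. */
function get_page_links(int $page_id, PDO $db): array {
    $stmt = $db->prepare('SELECT anchor_text, url FROM links_table WHERE page_id = :page_id ORDER BY link_id ASC');
    $stmt->bindValue(':page_id', $page_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Render one link with both values HTML-escaped. */
function render_link(array $link): string {
    return sprintf('<a href="%s">%s</a>',
        htmlspecialchars($link['url'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($link['anchor_text'], ENT_QUOTES, 'UTF-8'));
}

// Constructed inputs, as they might arrive in $_GET['page_id'].
foreach (['1', '2', '1 OR 1=1', 'abc', ''] as $raw) {
    $cast = (int)$raw;               // the cast silently turns "1 OR 1=1" into 1 and "abc" into 0
    $id   = parse_page_id($raw);     // strict validation rejects both instead
    printf("input=%-10s cast=%d strict=%s\n", var_export($raw, true), $cast, var_export($id, true));
    if ($id === null) { continue; }  // refuse the request rather than guess a page
    foreach (get_page_links($id, $db) as $link) {
        echo '  ', render_link($link), "\n";
    }
}
```

The cast keeps the query safe but maps malformed input onto some page id (1 or 0), whereas strict validation lets the caller reject the request.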