我有一个简单的问题。如何将存储在字段中的数据用作查询中的变量?
在这个例子中我想使用crypt并且需要我数据库的密码字段内的值。我该怎么做呢。
$myusername=strtolower($myusername);
$query='SELECT * FROM auth '
."WHERE uname='$myusername' "
."and pword=crypt('$mypassword','pword')";
$result= mysqli_query($connection, $query);
if(mysqli_num_rows($result)>0)......
pword
和uname
是auth表中的字段名称。这是我在PHP
和SQL
中的第一个脚本。
答案 0 :(得分:2)
如果要引用数据库中的字段,请不要引用它:
$myusername = $connection->real_escape_string(strtolower($myusername));
$mypassword = $connection->real_escape_string($mypassword);
$query='SELECT * FROM auth'
."WHERE uname='$myusername'"
."and pword=crypt('$mypassword',pword)";
答案 1 :(得分:1)
我建议改为使用prepared statements:
$myusername = strtolower($myusername);
$sql = "SELECT * FROM auth HERE uname = ? and pword = crypt(?, 'pword')";
// prepare statement
$stmt = mysqli_prepare($connection, $sql);
if(!$stmt)die('can not prepare statement');
// supply parameter values:
mysqli_stmt_bind_param($stmt, 'ss', $myusername, $mypassword);
// execute
if(!mysqli_stmt_execute($stmt))die('can not execute statement');
// if there are rows...
if(mysqli_stmt_num_rows($stmt)){
// bind to variables
mysqli_stmt_bind_result($stmt, $col1, $col2 /* , colN */);
// output
while(mysqli_stmt_fetch($stmt)) {
var_dump($col1, $col2 /* , colN */);
}
}
// free statement
mysqli_stmt_close($stmt);
我建议进一步阅读:
答案 2 :(得分:1)
假设$ connection是您的数据库连接:
$connection = new mysqli("localhost", "my_db_user", "my_db_password", "my_table");
假设您想获取字段user_id和加密密码:
$myusername = $connection->real_escape_string(strtolower($myusername));
$query="SELECT user_id, crypt('{$mypassword}','pword') AS my_password FROM `auth`
WHERE uname='{$myusername}'
and pword=crypt('{$mypassword}','pword')";
$result = $connection->query($query);
if ($result !== false && $result->num_rows > 0) {
$row = $result->fetch_object();
$myUserID = $row->user_id;
$myPassword = $row->my_password;
}
注意:
希望这有帮助。