Question

我很奇怪将所有字段名称作为PHP中MySQL查询的数组键。所有值都是从查询到数组，但不是所有键。我正在用JSON编码响应并将其发送到Android客户端。

以下是JSON Objects中包含JSON Array之一的原始输出。如您所见，许多键只是数字。数字的顺序也不符合原始查询。

08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):   {
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "STATE": "1",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "RECEIVER_ID": "29",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "LAST_MODIFIED": "2013-08-17     06:15:01",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "CREATED": "2013-08-07     15:51:25",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "UNIQUE_ID": "cef3fc71-073e-11e3-8ffd-0800200c9a66",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "3": "2",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "2": "29",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "1": "918fa7f5-073c-11e3-8ffd-    0800200c9a66",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "0": "2",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "7": "2013-08-07 15:51:25",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "6": "2013-08-17 06:15:01",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "DATA_RECORD_UUID": "918fa7f5-073c-11e3-8ffd-0800200c9a66",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "5": "cef3fc71-073e-11e3-8ffd-0800200c9a66",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "4": "1",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "ID": "2",
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):    "IS_TEST": "2"
08-18 05:41:49.130: I/GETJSON=ACCESSOR(JSON)(20407):   },

我一直用这个函数创建一个记录数组：

    public function getRowArray($mysql_query_result){
    $result=array();
    while($row=mysql_fetch_array($mysql_query_result)){
        $result[]=$row;
    }
    return $result;
}

查询结果来自此块，其变量使用mysql_real_escape_string预转义：

$ary=mysql_query("SELECT tRelations.ID,tRelations.DATA_RECORD_UUID,tRelations.RECEIVER_ID,
    tRelations.IS_TEST,tRelations.STATE,tRelations.UNIQUE_ID,tRelations.LAST_MODIFIED,
    tRelations.CREATED FROM tRelations 
            JOIN tUserData ON (tUserData.UNIQUE_ID=tRelations.DATA_RECORD_UUID) 
            JOIN tUsers ON (tUsers.ID=tUserData.USER_ID) 
        WHERE tUsers.ID=$user_id AND tRelations.last_modified>'$last_sync' 
        ORDER BY tRelations.ID ASC;") or die(mysql_error());


    if(mysql_num_rows($ary)>0){
        $array2= $this->getRowArray($ary);

可能有人知道为什么钥匙坏了而不是全部写的？或者，是否还有其他人喜欢将MySQL结果转换为JSON数组的其他方法？

Answer 1

列的顺序由选择查询的顺序决定。

SELECT tRelations.ID,tRelations.DATA_RECORD_UUID,tRelations.RECEIVER_ID,
    tRelations.IS_TEST,tRelations.STATE,tRelations.UNIQUE_ID,tRelations.LAST_MODIFIED,
    tRelations.CREATED FROM tRelations

它说：ID，DATA_RECORD_UUID，RECEIVER_ID，IS_TEST，STATE，UNIQUE_ID，它也将以这种方式添加到数组中。您可以将其重新排序为

SELECT tRelations.STATE,tRelations.RECEIVER_ID,tRelations.LAST_MODIFIED,
    tRelations.CREATED,tRelations.UNIQUE_ID,tRelations.DATA_RECORD_UUID,tRelations.ID,
    tRelations.IS_TEST FROM tRelations

但是很难按顺序获得其他字段。您可能需要自己填写它们，除非您可以使用tRelation.SOME_FIELD as '2'之类的别名。

public function getRowArray($mysql_query_result){
    $order=array("STATE", "RECEIVER_ID", "LAST_MODIFIED", "CREATED", "UNIQUE_ID", "3", ....);
    while($row=mysql_fetch_array($mysql_query_result)){
        $newRow = array();
        foreach($order as $value) {
            $newRow[$value] = $row[$value];
        }
        $result[]=$newRow;
    }
    return $result;
}

这实际上会逐行循环并按所需的列顺序排序。

旁注：

您的代码非常危险且易受SQL注入攻击。您永远不会直接将变量的内容放在SQL查询中！

$user_id = "Somestring with spaces";
$last_sync = "2013-08-07 15:51:25";
$ary=mysql_query("SELECT tRelations.ID,tRelations.DATA_RECORD_UUID,tRelations.RECEIVER_ID,
    tRelations.IS_TEST,tRelations.STATE,tRelations.UNIQUE_ID,tRelations.LAST_MODIFIED,
    tRelations.CREATED FROM tRelations 
            JOIN tUserData ON (tUserData.UNIQUE_ID=tRelations.DATA_RECORD_UUID) 
            JOIN tUsers ON (tUsers.ID=tUserData.USER_ID) 
        WHERE tUsers.ID=$user_id AND tRelations.last_modified>'$last_sync' 
        ORDER BY tRelations.ID ASC;") or die(mysql_error());

这将导致查询

SELECT tRelations.ID,tRelations.DATA_RECORD_UUID,tRelations.RECEIVER_ID,
    tRelations.IS_TEST,tRelations.STATE,tRelations.UNIQUE_ID,tRelations.LAST_MODIFIED,
    tRelations.CREATED FROM tRelations 
            JOIN tUserData ON (tUserData.UNIQUE_ID=tRelations.DATA_RECORD_UUID) 
            JOIN tUsers ON (tUsers.ID=tUserData.USER_ID) 
        WHERE tUsers.ID=Somestring with spaces AND tRelations.last_modified>'2013-08-07 15:51:25'
        ORDER BY tRelations.ID ASC;"

你看到了这个缺陷？那是因为“$ user_id”没有被转义。你应该总是使用mysqli_escape_string来逃避你的字符串。例如：

$ary=mysql_query("SELECT tRelations.ID,tRelations.DATA_RECORD_UUID,tRelations.RECEIVER_ID,
    tRelations.IS_TEST,tRelations.STATE,tRelations.UNIQUE_ID,tRelations.LAST_MODIFIED,
    tRelations.CREATED FROM tRelations 
            JOIN tUserData ON (tUserData.UNIQUE_ID=tRelations.DATA_RECORD_UUID) 
            JOIN tUsers ON (tUsers.ID=tUserData.USER_ID) 
        WHERE tUsers.ID=".mysqli_escape_string($user_id)." AND tRelations.last_modified>'".mysqli_escape_string($last_sync)."' 
        ORDER BY tRelations.ID ASC;") or die(mysql_error());

甚至更好：在与数据库交互时使用PDO（PHP数据对象）。从PHP 5.1开始支持PDO，并允许与数据库进行安全交互。它需要更多代码，但显着提高了PHP应用程序的可读性和安全性。

PHP没有从MySQL Query中将所有键都写入数组

1 个答案: