有没有办法用sql选择未存储数据库的数据? 我想要的是选择那些没有存储在数据库中的数据。 如果我有这个代码我该怎么办?
$name = $_POST['name'];
$contact = $_POST['contact'];
$sql = mysql_query("select * from tbluser where name<>'$name' and contact<>'$contact'");
$ _POST中名称和联系人中的值未存储在数据库中。怎么做?
更新
我想出了答案,谢谢您的建议和解答:)
这是我的最终查询
$qq = mysql_query("select * from tbluser
where not exists (select * from tbluser
where name='$name'
and contact='$contact')");
答案 0 :(得分:0)
此查询似乎没问题。你应该使用mysql_escape_string()
尝试这样:
$name = mysql_escape_string($_POST['name']);
$contact = mysql_escape_string($_POST['contact']);
$sql = mysql_query("select * from tbluser where name<>'$name' and contact<>'$contact'");
while ($row = mysql_fetch_assoc($sql)) { //fetach the result
echo $row["name"];
echo $row["cantact"];
}
mysql_*函数已弃用,您应移至mysqli_*或PDO
答案 1 :(得分:0)
这是你的意思吗?
$sql = mysql_query("select * from tbluser where name != '$name' and contact != '$contact'");
您还应该使用
mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier = NULL ] )
答案 2 :(得分:0)
如果我理解正确,你想看看NAME和CONTACT的值是否在tbluser上,如果不是,你想要返回输入的值,反馈表明它们不在桌面上。
这应该这样做:
select 'not on table' as confirm, '$name' as name, '$contact' as contact
from dual
where not exists (select 'x'
from tbluser
where name = '$name'
and contact = '$contact')
如果你想要反馈表明它是否在桌子上(两种方式),作为某种检查查询,请使用:
select 'not on table' as confirm, '$name' as name, '$contact' as contact
from dual
where not exists (select 'x'
from tbluser
where name = '$name'
and contact = '$contact')
union all
select 'is on table' as confirm, '$name' as name, '$contact' as contact
from dual
where exists (select 'x'
from tbluser
where name = '$name'
and contact = '$contact')
答案 3 :(得分:0)
关于安全性,您应该在将其保存到数据库之前验证您的输入,这是关于安全性问题;)