我希望使用会话用户id = PhysioReference(表中的字段)的标准,但它似乎不起作用?什么是正确的方法还是有更好的方法?
用于在表格中显示信息,但仅限于登录的人员已分配该信息
$sql="SELECT * FROM IA WHERE IASubmitted= 'no' AND PhysioReference = $_SESSION['SESS_MEMBER_ID']";
答案 0 :(得分:0)
您想要使用Complex (curly) in string variable syntax的文字表示(糟糕的想法):
$sql="SELECT * FROM IA
WHERE IASubmitted= 'no' AND PhysioReference = ${_SESSION['SESS_MEMBER_ID']}";
这很容易SQL Injection,而是使用prepared statement:
$sql="SELECT * FROM IA
WHERE IASubmitted= 'no' AND PhysioReference = ?";
/* Prepared statement, stage 1: prepare */
if (!($stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) {
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
/* Prepared statement, stage 2: bind and execute */
if (!$stmt->bind_param("i", $_SESSION['SESS_MEMBER_ID'] )) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
答案 1 :(得分:0)
$ sql =" SELECT * 来自IA tb1,成员tb2 在哪里tb1.PhysioReference = tb2.member_id AND tb2.member_id ="。$ _ SESSION [' SESS_MEMBER_ID']; $结果= mysql_query($ SQL);
这最终有效