Question

我正在尝试加入三个表并引入tutID会话，以便从上一页开始。注释掉的SQL语句需要在SQL语句中。

<?php
session_start(); 
if (!isset($_GET['tutID']) || !is_numeric($_GET['tutID']))
{
header('Location: ./allTutorials.php');
}
else
{

// Include databse connection file
include('./inc/connection.inc.php');

// Get record details
connect();

$tutID = $_GET['tutID'];
/*$sql =    "SELECT * FROM tutorials WHERE tutID = '$tutID' ";*/
$sql = "SELECT * FROM tutorials INNER JOIN tutorialimages ON tutorials.tutID = tutorialimages.tutID INNER JOIN images ON images.imageID = tutorialimages.imageID" ;


$result = @mysql_query($sql) or die('Unable to run query');
$record = mysql_fetch_object($result);

mysql_close();  
?>

Answer 1

在WHERE查询中添加JOIN -

$sql = "SELECT * FROM tutorials 
        INNER JOIN tutorialimages ON tutorials.tutID = tutorialimages.tutID
        INNER JOIN images ON images.imageID = tutorialimages.imageID 
        WHERE tutorials.tutID = " . ((int) $tutID)
;

您会注意到我已将教程ID重新转换为整数。这是一种防止恶意用户将SQL注入查询的安全措施。虽然这是安全的，但最好切换到提供参数化的数据库引擎，这样可以更容易。

具有会话的INNER JOIN和WHERE子句

1 个答案: