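I am trying to join three tables and bring in the tutID session so that it carries over from the previous page. The commented-out SQL statement needs to be part of the SQL statement.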
<?php
session_start();
if (!isset($_GET['tutID']) || !is_numeric($_GET['tutID']))
{
    header('Location: ./allTutorials.php');
    exit; // stop here so nothing below runs after the redirect
}
else
{
    // Include database connection file
    include('./inc/connection.inc.php');
    // Get record details
    connect();
    $tutID = $_GET['tutID'];
    /*$sql = "SELECT * FROM tutorials WHERE tutID = '$tutID' ";*/
    $sql = "SELECT * FROM tutorials INNER JOIN tutorialimages ON tutorials.tutID = tutorialimages.tutID INNER JOIN images ON images.imageID = tutorialimages.imageID";
    $result = @mysql_query($sql) or die('Unable to run query');
    $record = mysql_fetch_object($result);
    mysql_close();
?>
Answer 0 (score: 2)
Add a WHERE clause to the JOIN query -
$sql = "SELECT * FROM tutorials
    INNER JOIN tutorialimages ON tutorials.tutID = tutorialimages.tutID
    INNER JOIN images ON images.imageID = tutorialimages.imageID
    WHERE tutorials.tutID = " . ((int) $tutID);
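You'll notice that I have cast the tutorial ID to an integer. This is a security measure to prevent malicious users from injecting SQL into the query. While this is safe, it is better to switch to a database engine that offers parameterization, which makes this easier.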