在WHERE子句中使用一串值 - mysql

时间:2014-08-30 07:21:53

标签: mysql sql

我有一串值,如:

$cat = "1,5,6,8,9";

现在我想在WHERE子句中使用该变量。我该怎么做?

"select category from test where category...?"

我正在使用下面的代码,但是我从number_of_result变量得到null:

$array_of_cat = explode(",",$cat);

if($number_of_result == 0){
    $mresult = mysql_query("select * from books where
     GoodName like '%$title%' and GroupCode in ($array_of_cat) ");
    $number_of_result = mysql_num_rows($mresult);
}

3 个答案:

答案 0 :(得分:1)

您不需要爆炸变量 - 这样做会导致数组在插入SQL字符串时导致错误的值(字符串"数组")。

尽管这是不安全的(SQL injection prone),但您可以这样做:

if($number_of_result == 0){
    $mresult = mysql_query("select * from books where
     GoodName like '%$title%' and GroupCode in ($cat)");
    $number_of_result = mysql_num_rows($mresult);
}

我强烈建议您使用mysql_real_escape_string函数来准备变量。

答案 1 :(得分:1)

将您的SQL语句更改为此语句。使用implode()传递IN子句

中的数组元素 
$mresult = mysql_query("
  SELECT * FROM books 
  WHERE GoodName LIKE '%$title%' AND GroupCode IN (" . implode(",", $array_of_cat) . ")");

答案 2 :(得分:0)

$cat = array(1,5,6,8,9);

$array_of_cat = implode(",",$cat);

if($number_of_result > 0){
  $mresult = mysql_query("select * from books where
  GoodName like '%$title%' and GroupCode in ($array_of_cat) ");

$number_of_result = mysql_num_rows($mresult);
}

此外,我强烈建议您阅读PDO / MySQLi

相关问题
最新问题