如何从while循环中获取多个值以在循环外的查询中使用?

时间:2015-04-18 00:54:40

标签: php mysql

我试图在while循环之外获取多个值,以便在while循环之外的查询中使用它。现在我可以一次获得一个值。我试图获得的值是$ids=$row["curriculum_id"];

这是我的代码,任何帮助都将受到高度赞赏。 

  <?php

    if(isset($_POST['Submit']) AND $_POST['Submit'] == 'Submit')
    {

   $coursneededdate =$_POST['needed']; 
$coursneededdate =mysqli_real_escape_string($mysqli,$coursneededdate);
$gradunder=$_POST['gradunder']; 
$gradunder =mysqli_real_escape_string ($mysqli,$gradunder);
$avalablesemster= $_POST['avalable'];
$avalablesemster =mysqli_real_escape_string($mysqli,$avalablesemster);

    $sql = "SELECT * FROM curriculum where '".$coursneededdate."' between  startdate and enddate";
    $result = $mysqli->query($sql);

    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
              $ids=$row["curriculum_id"];

        }


    }
    }

    $result2 ="SELECT * FROM  curriculumcourses  INNER JOIN courses ON curriculumcourses.course_id = courses.course_id where curriculum_id='$ids' and semester_ava='$avalablesemster'";

    $result3 = $mysqli->query($result2);
    if ($result3->num_rows > 0) {
        while($row = $result3->fetch_assoc()) {
     echo "<pre>";
    print_r($row);


        }

        }

    ?>

2 个答案:

答案 0 :(得分:1)

这是一个粗略的版本(未经测试)。这段代码是可注入的,我已经放入了mysqli_real_escape_string,http://php.net/manual/en/mysqli.real-escape-string.php。考虑将来使用预准备语句How can I prevent SQL injection in PHP?

<?php
if(isset($_POST['Submit']) AND $_POST['Submit'] == 'Submit') {
    $coursneededdate = isset($_POST['needed']) ? $mysqli->real_escape_string($_POST['needed']) : '';
    $gradunder=isset($_POST['gradunder']) ? $_POST['gradunder'] : ''; //this isn't used?
    $avalablesemster= isset($_POST['avalable']) ? $mysqli->real_escape_string($_POST['avalable']) : '';
    $sql = "SELECT * FROM curriculum where '".$coursneededdate."' between  startdate and enddate";
    $result = $mysqli->query($sql);
    if ($result->num_rows > 0) {
        $ids = '';
        while($row = $result->fetch_assoc()) {
            $ids .= $mysqli->real_escape_string($row["curriculum_id"]) . ', ';
        }
        $ids = rtrim($ids, ', ');
    }
}
$result2 ="SELECT * FROM  curriculumcourses  INNER JOIN courses ON curriculumcourses.course_id = courses.course_id where curriculum_id in($ids) and semester_ava='$avalablesemster'";
$result3 = $mysqli->query($result2);
if ($result3->num_rows > 0) {
    while($row = $result3->fetch_assoc()) {
        echo "<pre>";
        print_r($row);
        echo "</pre>";
    }
}
?>

此代码将所有课程ID连接到ids变量中列出的逗号分隔符。然后,此变量与SQL函数in一起使用,后者将搜索该列表中的所有ID。这是关于该主题的{2}文档https://dev.mysql.com/doc/refman/5.0/en/comparison-operators.html#function_in http://www.tutorialspoint.com/mysql/mysql-in-clause.htm

答案 1 :(得分:1)

您可以只替换一个查询:

SELECT * FROM  curriculumcourses  
    NATURAL JOIN courses  
    WHERE  semester_ava='$avalablesemster' 
    AND curriculum_id IN (
        SELECT curriculum_id 
        FROM curriculum 
        WHERE '".$coursneededdate."' BETWEEN startdate AND enddate)

然后直接从中获取结果。

此解决方案更快,因为DBMS优化了查询。此外,query -> PHP -> query -> PHP的选项更难以调试,读取和维护(除了速度更慢)。

相关问题
最新问题