来自mysqli_Query的回声结果

时间:2015-04-21 19:33:20

标签: php mysql

我正在制作一个供我自己使用的个人脚本,我需要知道如何回应mysqli_query的结果。我的代码如下:

$conn = mysqli_connect($servername, $username, $password, $dbname);

if(isset($_POST['commercial'])){
if (isset($_POST['0'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
    $resultsd1 = mysqli_query($conn, $sql);
    echo $resultsd1;
}   
if (isset ($_POST['1'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 2 AND sent='a'";
    $resultsd2 = mysqli_query($conn, $sql);
    echo $resultsd2;
}   
if (isset($_POST['2'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 3 AND sent='a'";
    $resultsd3 = mysqli_query($conn, $sql);
    echo $resultsd3;
}
if (isset ($_POST['3'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 4 AND sent='a'";
    $resultsd4 = mysqli_query($conn, $sql);
    echo $resultsd4;
}
if (isset ($_POST['4'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 5 AND sent='a'";
    $resultsd5 = mysqli_query($conn, $sql);
    echo $resultsd5;
}

}
?>

3 个答案:

答案 0 :(得分:10)

如果你想要返回多行

if (isset($_POST['0'])) {
 $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
 $resultsd1 = mysqli_query($conn, $sql);

 while ($row = mysqli_fetch_assoc($resultsd1))
 {
    echo $row['email'];
 }
}   

如果只有1行

if (isset($_POST['0'])){
 $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a' LIMIT 1";
 $resultsd1 = mysqli_query($conn, $sql);

 $row = mysqli_fetch_assoc($resultsd1);

 echo $row['email'];
}   

答案 1 :(得分:1)

首先,@ fred-ii说,逃避你的帖子,你的$ _POST访问中也有一个错误,你缺少文章键的引号,最后使用mysqli_fetch_assoc来访问你的结果:

...
if (isset($_POST['0'])) {
    $article = mysqli_real_escape_string($conn, $_POST['article']);
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$article' AND dripid = 1 AND sent='a'";
    if ($resultsd1 = mysqli_query($conn, $sql)) {
        if ($row = mysqli_fetch_assoc($resultsd1)) {
            echo $row['email'];
        }
    }
}
...   

答案 2 :(得分:0)

您可以简单地使用foreach循环在结果对象上循环。如果要将所有行提取到PHP变量中,则可以使用fetch_all()

$result = mysqli_query($conn, 'SELECT ...');
foreach($result as $row) {
    print_r($row);
    // do something with each row
}
// or
$result = $conn->('SELECT ...')->fetch_all(MYSQLI_ASSOC);
foreach($result as $row) {
    print_r($row);
    // do something with each row
}

但是,就您而言,您根本不应该使用mysqli_query()!这使您容易受到SQL注入的攻击。您必须使用参数绑定,这在准备好的语句中可用。

例如,您的固定查询将如下所示:

$stmt = $con->prepare("SELECT email FROM CommercialEmails WHERE articleid = ? AND dripid = 1 AND sent = 'a' ");
$stmt->bind_param('s', $_POST['article']);
$stmt->execute();
$result = $stmt->get_result();
foreach ($result as $row) {
    print_r($row);
}

区别在于我的变量没有与SQL分开,因此没有注入的风险。您绝对不应在SQL查询中直接允许任何变量输入。正确地做到这一点并不难。

此外,您实际上不需要重复太多代码。您也可以参数化dripid并减少代码中的行数。