如何检索“'”级别的选定值?表VBmembers中的列将其设置为$level变量?
session_start();
if (isset($_SESSION['user']))
{
$user = $_SESSION['user'];
$query = "SELECT level FROM VBmembers WHERE user='$user'";
$level = queryMysql($query);
$loggedin = TRUE;
}
else $loggedin = FALSE;
queryMysql函数代码
function queryMysql($query)
{
$result = mysql_query($query) or die ('ivalid query: ' . mysql_error());
return $result;
}
答案 0 :(得分:2)
您还需要几个步骤,最重要的是从结果中以可用的方式获取数据:
$user = $_SESSION['user'];
$query = "SELECT level FROM VBmembers WHERE user='$user'";
$result = queryMysql($query);
$row = mysql_fetch_array($result);
$level = $row['level'];
$loggedin = TRUE;
正如我在评论中所说,your script is at risk for SQL Injection Attacks.
如果可以,你应该stop using mysql_* functions。已在PHP 7中删除These extensions。了解prepared和PDO的MySQLi语句,并考虑使用PDO,it's really not hard。