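Creating and using arrays with MySQL and PHP

Time: 2016-02-08 09:16:28

Tags: php mysql arrays

I'm trying to create an SQL query that takes the values of an entire table and dumps them into an array that I can call based on the value of a URL parameter.

The parameter passed into the URL is ?username=User1

I need the query to filter the results in the database related to that user (e.g. their name, email address, interests, etc.).

I want to be able to store them in an array that I can use to call and display the values, for example;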

<?php echo htmlentities($row['profiles']['username'], ENT_QUOTES, 'UTF-8'); ?>
<?php echo htmlentities($row['profiles']['location_city'], ENT_QUOTES, 'UTF-8'); ?>

I'm using the following PHP to set the $u variable in PHP

My SQL query so far is as follows

 $query = " 
        SELECT 
            user_id,
            username, 
            displayname, 
            displayage,
            location_city,
            language
        FROM profiles WHERE username='$u'
    "; 

I then use the following PHP code to try to pass the data into an array;

try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll();

My complete profile.php code;

<?php $_GET['u'] = 'u'; ?>

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
        // If they are not, we redirect them to the login page. 
        header("Location: index.php"); 

        // Remember that this die statement is absolutely critical.  Without it, 
        // people can view your members-only content without logging in. 
        die("Redirecting to index.php"); 
    } 

    // Everything below this point in the file is secured by the login system 

    // We can retrieve a list of members from the database using a SELECT query. 
    // In this case we do not have a WHERE clause because we want to select all 
    // of the rows from the database table. 
    $query = " 
        SELECT 
            id, 
            username, 
            email 
        FROM profiles WHERE username='$u'
    "; 

    try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll(); 
?> 

<?php include('header.php') ?>

<div class="pages navbar-through toolbar-through">
<div class="page" data-page="profile">

<div class="page-content">

<div class="content-block">
<div class="content-block-inner">

<p>Profile content will go here</p>


<a href="private.php">Go Back</a><br />
</div>

</div>
</div>

</div>
</div>

<?php include('footer.php') ?>

1 answer:

Answer 0: (score: 1)

Change the contents of the profile.php file as shown below:

<?php $username = (isset($_GET['username']))? trim(strip_tags($_GET['username'])) : ""; ?>

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
        // If they are not, we redirect them to the login page. 
        header("Location: index.php"); 

        // Remember that this die statement is absolutely critical.  Without it, 
        // people can view your members-only content without logging in. 
        die("Redirecting to index.php"); 
    } 

    // Everything below this point in the file is secured by the login system 

    // We can retrieve the requested member's profile from the database using a SELECT query. 
    // The :username placeholder is bound when the statement is executed, so the 
    // value from the URL is never interpolated into the SQL text. 
    $query = " 
        SELECT 
            user_id,
            username, 
            displayname, 
            displayage,
            location_city,
            language
        FROM profiles WHERE username = :username
    "; 

    try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(array(':username' => $username)); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); 
?> 

<?php include('header.php') ?>

<div class="pages navbar-through toolbar-through">
<div class="page" data-page="profile">

<div class="page-content">

<div class="content-block">
<div class="content-block-inner">

<p>Profile content will go here</p>
<?php foreach($rows as $row): ?>
   <div>Username: <?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8') ?></div>
   <div>Location: <?php echo htmlentities($row['location_city'], ENT_QUOTES, 'UTF-8') ?></div>

<?php endforeach; ?>

<a href="private.php">Go Back</a><br />
</div>

</div>
</div>

</div>
</div>

<?php include('footer.php') ?>
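
An added example, not part of the original question or answer: it contrasts a query built by interpolating the URL value into the SQL string with the same query using a bound PDO parameter, and shows that calling prepare() alone does not separate data from SQL. It assumes the pdo_sqlite extension and uses an in-memory table with constructed rows in place of the poster's MySQL profiles table; the function names findInterpolated and findBound are hypothetical.

```php
<?php
// Added illustration (not from the original post). Uses an in-memory SQLite
// database through PDO so it runs offline; table contents are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE profiles (user_id INTEGER PRIMARY KEY, username TEXT, location_city TEXT)");
$db->exec("INSERT INTO profiles (username, location_city) VALUES
           ('User1', 'London'), ('User2', 'Paris'), ('O''Brien', 'Dublin')");

// Interpolated: prepare() receives a finished SQL string, so the value is
// parsed as part of the SQL. This is the pattern used in the question.
function findInterpolated(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT username, location_city FROM profiles WHERE username = '$username'");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Bound: the value is passed separately from the SQL text and is only ever data.
function findBound(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT username, location_city FROM profiles WHERE username = :username");
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal name, a name containing a quote, and a value
// whose quote characters change the WHERE clause when interpolated.
$inputs = ["User1", "O'Brien", "x' OR '1'='1"];

foreach ($inputs as $input) {
    try {
        $unsafe = count(findInterpolated($db, $input));
    } catch (PDOException $ex) {
        $unsafe = 'SQL error';   // the stray quote broke the statement
    }
    $safe = count(findBound($db, $input));
    printf("%-14s interpolated rows: %-9s bound rows: %d\n", $input, $unsafe, $safe);
}

// Escape on output as well, as the question's htmlentities() calls do.
foreach (findBound($db, "O'Brien") as $row) {
    echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With the bound version, a legitimate name containing an apostrophe is found and the third input matches no row; with interpolation the same inputs either break the statement or match rows they should not.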