如何为MySQL表选择一列并将其与PHP变量进行比较

Question

我正在尝试将我导入的MySQL表列与我的脚本进行比较，并将其与我定义的PHP值进行比较。

我正在尝试创建一个if循环来检查列中的任何值是否等于变量。

// Connect to database containing order information

$servername = "server";
$username = "user";
$password = "pass";

// Create connection
$conn = new mysqli($servername,$username,$password);

// Check connection
if ($conn->connect_error)
{
    die("Connection failed: " . $conn->connect_error);
}

// define variables and set to empty values
$name = $ordernumber = "";

// Load up data from the form

$ordernumber = ($_POST['order_number']);

// Get SQL info
$sql = "SELECT order_number FROM p_orders;";
if ($conn->query($sql) === TRUE)
{
    echo "Checked Orders.....";
}
else
{
    echo "Failed to check orders, please contact Support for assistance" . $conn->error;
}

// Checking Script 

if ($ordernumber === $orders)
{
    echo "Order Number Found.... Let's Select a Seat";
}
else
{
    echo "Your Order was not found, either you did not order a reservation ticket, have not waited 3 days or you entered the number wrong. If issues persist then please contact Support."
    };

Answer 1

脚本的结尾部分应该是这样的......

$stmt =  $mysqli->stmt_init();
if ($stmt->prepare('SELECT order_number FROM p_orders WHERE orderID = ?')) {
    $stmt->bind_param('s',$_POST['order_number']); // i if order number is int
    $stmt->execute();
    $stmt->bind_result($order_number);
    $stmt->fetch();
    if (!empty($order_number))
        echo "Order Number Found.... Let's Select a Seat";
    }else {
        echo "Your Order was not found...";
    }    
    $stmt->close();
}
$mysqli->close();

...请注意，查询现在只查找匹配的记录，并注意使用预准备语句从SQL注入中保护post变量。

仅从SQL收集匹配项的原因是，如果您有一百万条记录，数据库将返回所有这些，然后PHP将需要循环它们（这可能导致最大的执行，内存和其他错误）。而不是像这样建立起来的数据库 - 注意这个领域的索引是好的，也可以使用＆＃34; youtube样式＆＃34;建议使用id，这就是为什么我假设使用字符串代替数字作为变量minght暗示的数字 - 并且它不是＆＃34; id＆＃34;这有很多原因...我已经添加了一个链接来解释＆＃34; youtube style＆＃34;这里我不会详细介绍ID，但使用它有很多胜利:)）

更新基于......

• http://php.net/manual/en/mysqli-stmt.prepare.php
• MySQL prepared statement vs normal query. Gains & Losses
• https://www.youtube.com/watch?v=gocwRvLhDf8（YouTube会不会用完视频ID？）

Answer 2

最好使用WHERE子句搜索order id和mysqli prepared statement，如下所示。

$mysqli = new mysqli("localhost", "my_user", "my_password", "my_db");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$name = "";       
// Load up data from the form  
$ordernumber = $_POST['order_number'];  

/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT COUNT(*) FROM p_orders WHERE orderID=?")) { 

    /* bind parameters for markers */
    $stmt->bind_param("i", $ordernumber ); // "i" if order number is integer, "s" if string

    /* execute query */
    $stmt->execute();

    /* bind result variables */
    $stmt->bind_result($counter);

    /* fetch value */
    $stmt->fetch();

        if ($counter>0) { // if order id is in array or id's
            echo "Order Number Found.... Let's Select a Seat";    
        } else {
            echo "Your Order was not found, either you did not order a reservation ticket, have not waited 3 days or you entered the number wrong. If issues persist then please contact Support."
        }

    /* close statement */
    $stmt->close();
}

/* close connection */
$mysqli->close();