我想回显列用户名的值,并尝试这样:
public function username_exists($username) {
$conn = new mysqli($this->servername, $this->username, $this->password, $this->db_name);
$result = mysqli_query($conn, "SELECT username FROM fe_users WHERE username = $username");
while ($row = mysqli_fetch_assoc($result)) {
echo $row["username"];
}
}
当我运行此代码时,由于某种原因,它总是返回字符串 33 ,它也存储在我的数据库中,但它绝对不是列用户名。为什么我会收到此输出?如何显示存储在表 fe_users 中的用户名?
答案 0 :(得分:2)
您需要引用$username
SELECT username FROM fe_users WHERE username = '$username'"
更好地使用bind和prepare语句。它会自动转义你的字符串并免受sql注入攻击
/* prepare statement */
$stmt = $conn->prepare( "SELECT username FROM fe_users WHERE username = ?");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($col1);
/* fetch values */
while ($stmt->fetch()) {
printf("%s %s\n", $col1);
}
/* close statement */
$stmt->close();
答案 1 :(得分:0)
$result = mysqli_query($conn, "SELECT username FROM fe_users WHERE username = '$username'");