我的查询:
SELECT users.nickname,
friends.id_friends, friends.id_adder, friends.id_added, friends.id_tipus
FROM friends
LEFT JOIN users ON users.id=friends.id_added OR users.id=friends.id_adder
WHERE
(friends.id_adder='".$id."' AND (SELECT nickname FROM users WHERE id='".$id."')<>users.nickname)
OR
(friends.id_added='".$id."' AND (SELECT nickname FROM users WHERE id='".$id."')<>users.nickname);
答案 0 :(得分:2)
我会将该查询转换为:
SELECT u1.nickname,
friends.id_friends,
friends.id_adder,
friends.id_added,
friends.id_tipus
FROM users u1
LEFT JOIN friends ON u1.id IN (friends.id_added, friends.id_adder)
LEFT JOIN users u2 ON u2.id IN (friends.id_added, friends.id_adder)
AND u2.nickname <> u1.nickname
WHERE u1.id = ?
您不应将$id
值注入SQL字符串,因为这会使您的代码容易受到SQL injection的攻击。而是使用prepared statements。