清楚的方式来检查mysql查询中的朋友

时间:2017-03-01 21:51:22

标签: mysql

  • 首先,我有一个与用户表标识符对应的id,我通过get to php。
  • 我想检查:nickname.users,friends.id_friends,friends.id_adder,friends.id_added和friends.id_tipus,但最好还是检查friends.id_adder,friends.id_added并正确获取昵称。我制作的代码可以使用。

我的查询:

    SELECT users.nickname,
            friends.id_friends, friends.id_adder, friends.id_added, friends.id_tipus 
            FROM friends 
            LEFT JOIN users ON users.id=friends.id_added OR users.id=friends.id_adder
            WHERE 
            (friends.id_adder='".$id."' AND (SELECT nickname FROM users WHERE id='".$id."')<>users.nickname) 
            OR 
            (friends.id_added='".$id."' AND (SELECT nickname FROM users WHERE id='".$id."')<>users.nickname);

1 个答案:

答案 0 :(得分:2)

我会将该查询转换为:

SELECT    u1.nickname,
          friends.id_friends, 
          friends.id_adder, 
          friends.id_added, 
          friends.id_tipus 
FROM      users u1
LEFT JOIN friends  ON u1.id IN (friends.id_added, friends.id_adder)
LEFT JOIN users u2 ON u2.id IN (friends.id_added, friends.id_adder)
                   AND u2.nickname <> u1.nickname
WHERE     u1.id = ?

您不应将$id值注入SQL字符串,因为这会使您的代码容易受到SQL injection的攻击。而是使用prepared statements

相关问题
最新问题