ORDER BY not working with session

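Time: 2017-04-29 20:01:00

Tags: php mysqli

I want to get the latest record from the table session_details, so I used ORDER BY ... DESC, but no output is coming. I have a user session so that the value is taken from the login itself.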

<head>
    <title></title>
</head>
<body>
<a href="../includes/logout.php"> logout mofo </a><br>

<?php
if(!isset($_SESSION)) 
    { 
        session_start(); 
    }

include_once('../includes/connection.php');

echo $_SESSION['id'];

$sql = "SELECT * FROM session_details  WHERE student_id = '" . $_SESSION['id'] . "' ORDER BY 'session_id DESC LIMIT 1 ";
$result = mysqli_query($conn, $sql);

if ($result) {
    while($row = mysqli_fetch_assoc($result)) {
    echo "Session ID:" . $row["session_id"] . "<br>";
    echo "ID: " . $row["student_id"] ."<br>";
    echo "Student Name: " . $row["student_name"]. "<br>";
    echo "Lecturer Name: " . $row["supervisor_name"]. "<br>";

    }
} else {
    echo "0 results";
}

?>

</body>
</html>

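1 answer:

Answer 0 (score: 2)

session_start() should be executed before anything is sent to the output buffer. It does not need to be inside a test; just start the session in every script that needs it, before doing anything else.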

<?php
    session_start(); 
?>
<head>
    <title></title>
</head>
<body>
<a href="../includes/logout.php"> logout mofo </a><br>

<?php
include_once('../includes/connection.php');

echo $_SESSION['id'];

$sql = "SELECT * 
        FROM session_details  
        WHERE student_id = '" . $_SESSION['id'] . "' 
        ORDER BY session_id DESC LIMIT 1 ";
$result = mysqli_query($conn, $sql);

if ($result) {
    while($row = mysqli_fetch_assoc($result)) {
    echo "Session ID:" . $row["session_id"] . "<br>";
    echo "ID: " . $row["student_id"] ."<br>";
    echo "Student Name: " . $row["student_name"]. "<br>";
    echo "Lecturer Name: " . $row["supervisor_name"]. "<br>";

    }
} else {
    echo "0 results";
}
?>
</body>
</html>

You should use parameterized, bound queries to protect yourself from SQL injection

<?php
    session_start(); 
?>
<head>
    <title></title>
</head>
<body>
<a href="../includes/logout.php"> logout mofo </a><br>

<?php
include_once('../includes/connection.php');

echo $_SESSION['id'];

$sql = "SELECT * 
        FROM session_details  
        WHERE student_id = ?
        ORDER BY `session_id` DESC LIMIT 1 ";
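$stmt = $conn->prepare($sql);
// 'i' binds the session id as an integer parameter
$stmt->bind_param('i', $_SESSION['id']);
$stmt->execute();
// execute() only returns true/false; get_result() (mysqlnd) returns the result set
$result = $stmt->get_result();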

while($row = $result->fetch_assoc()) {
    echo "Session ID:" . $row["session_id"] . "<br>";
    echo "ID: " . $row["student_id"] ."<br>";
    echo "Student Name: " . $row["student_name"]. "<br>";
    echo "Lecturer Name: " . $row["supervisor_name"]. "<br>";

}
?>
</body>
</html>
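
The same lookup with the session value validated, an explicit "no rows" branch, and the output HTML-encoded, as an added example that is not part of the original answer. The helper names latest_session_row() and h() are hypothetical; it assumes connection.php provides $conn and that student ids are integers, as the answer's 'i' binding implies.

```php
<?php
// Added example, not the answerer's code. latest_session_row() and h() are
// hypothetical helpers; $conn is assumed to come from connection.php.
session_start();

// Throw on SQL errors, so a malformed statement (such as the unbalanced quote
// in the question's ORDER BY) fails loudly instead of just returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include_once('../includes/connection.php');

// Newest session_details row for one student, or null when there is none.
function latest_session_row(mysqli $conn, int $studentId): ?array
{
    $stmt = $conn->prepare(
        'SELECT session_id, student_id, student_name, supervisor_name
           FROM session_details
          WHERE student_id = ?
          ORDER BY session_id DESC
          LIMIT 1'
    );
    $stmt->bind_param('i', $studentId);
    $stmt->execute();
    // fetch_assoc() gives null when no row matches
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Encode a database value before it is placed in the HTML response.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// The session id must be a positive integer before it reaches the query.
$studentId = filter_var($_SESSION['id'] ?? null, FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($studentId === false) {
    http_response_code(403);
    exit('Not logged in');
}

$row = latest_session_row($conn, $studentId);
if ($row === null) {
    echo '0 results';
} else {
    echo 'Session ID: ' . h($row['session_id']) . '<br>';
    echo 'ID: ' . h($row['student_id']) . '<br>';
    echo 'Student Name: ' . h($row['student_name']) . '<br>';
    echo 'Lecturer Name: ' . h($row['supervisor_name']) . '<br>';
}
```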