我有一个网站,我需要为每个客户使用单独的表名,因为必须始终通过手动导入来更新数据。
示例: kansas_users newyork_users
我已经将全局变量设置为$ client,它将在所有页面上创建状态名称,因此如果我回显“ $ client”;那么我将在任何页面上看到“堪萨斯州”。
如果可能的话,我希望将此变量作为SQL查询的一部分,以便于编写代码:
SELECT "nick, firstname, lastname, cell
FROM database.$client_members
where active =1 and id = $user->id";
这可能甚至安全吗?
答案 0 :(得分:0)
是的,您可以执行以下操作
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$client = 'kansas';
$table_name = "database." . $conn->real_escape_string($client) . "_members";
$query = sprintf("SELECT nick, firstname, lastname, cell
FROM %s WHERE active = 1 and id = ?", $table_name);
// prepare and bind
$stmt = $conn->prepare($query);
$stmt->bind_param("i", $user->id);
但是我认为您应该认真考虑normalizing您的数据库,以避免此类问题