使用PHP从MySQL数据库中提取ID号

时间:2011-05-17 14:24:32

标签: php mysql

我的作品中有一个PHP脚本,最终会检查数据库两次,一次查看用户是否已注册,一次获取用户ID(如果有人注册)

我有点工作(你可以找到下面的代码)

但是返回的值不是我想要的。我只想要一个简单的int数字,而不是我得到一个根据ID改变的字符串,它被设置为“资源ID#3”,但这对我没用,因为我想使用ID加入两个表格后面的表格,但如果ID是一个字符串,我就不能这样做。

是否有人知道如何从ID字段中获取数字?

<?php
$con = mysql_connect("localhost","thecynic_parkadm","parkers");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("thecynic_parkersdb", $con);

//Values to insert into the customer table of database

$firstname = $_POST['firstname'];
$secondname = $_POST['secondname'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$postcode = $_POST['postcode'];
$number1 = $_POST['number1'];
$number2 = $_POST['number2'];
$email = $_POST['email'];

$customerid = mysql_query("SELECT Customer_ID FROM customers WHERE EMail =      '$email'",$con);

//Values to insert into the booking table of database

$time = $_POST['time'];
$date = $_POST['date'];

//End variables

$result= mysql_query("SELECT * FROM customers WHERE EMail = '$email'",$con);
$num_rows = mysql_num_rows($result);

//echo "$num_rows Rows\n";

if($num_rows >= 1)
{ 
echo "$customerid";
//$sql="INSERT INTO booking (Customer_ID, Time, Date) VALUES ('$id', '$time',     '$date')";
}
else
{
$sql="INSERT INTO customers (First_Name, Second_Name, Address1, Address2, Post_Code,   Home_Number, Mobile_Number, EMail)
VALUES ('$firstname', '$secondname', '$address1', '$address2', '$postcode', '$number1',     '$number2', '$email')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
}

mysql_close($con);
?>

我知道有些行被注释掉了。但它们并不相关。

5 个答案:

答案 0 :(得分:2)

您必须获取结果。 mysql_query只返回一个资源:

$result = mysql_query("SELECT Customer_ID FROM customers WHERE EMail ='$email'",$con);
list($customerid) = mysql_fetch_row($result);

mysql_fetch_row函数返回一个数组。我使用list自动获取数组的元素(在本例中只是一个)并填充变量。

此外,您应该阅读SQL注入,因为您的代码容易受到攻击。

答案 1 :(得分:2)

mysql_query只返回指向资源的指针,你必须使用mysql_fetch_assoc或mysql_fetch_array来获取数据。 

$result = mysql_fetch_assoc(mysql_query("SELECT Customer_ID FROM customers WHERE EMail =      '$email'",$con));
$customerid = $result['Customer_ID'];

阅读手册:http://php.net/manual/en/function.mysql-query.php并尝试使用MySQLi或PDO_mysql。

答案 2 :(得分:1)

<?php
$con = mysql_connect("localhost","thecynic_parkadm","parkers");
if (!$con)
  die('Could not connect: ' . mysql_error());

mysql_select_db("thecynic_parkersdb", $con);

$firstname = mysql_real_escape_string($_POST['firstname']);
$secondname = mysql_real_escape_string($_POST['secondname']);
$address1 = mysql_real_escape_string($_POST['address1']);
$address2 = mysql_real_escape_string($_POST['address2']);
$postcode = mysql_real_escape_string($_POST['postcode']);
$number1 = mysql_real_escape_string($_POST['number1']);
$number2 = mysql_real_escape_string($_POST['number2']);
$email = mysql_real_escape_string($_POST['email']);

$result = mysql_fetch_assoc(mysql_query("SELECT Customer_ID FROM customers WHERE EMail =      '$email'",$con));
$customerid = $result['Customer_ID'];


$time = mysql_real_escape_string($_POST['time']);
$date = mysql_real_escape_string($_POST['date']);


$result= mysql_query("SELECT * FROM customers WHERE EMail = '$email'",$con);
$num_rows = mysql_num_rows($result);

//echo "$num_rows Rows\n";

if($num_rows)
{ 
echo $customerid;
//$sql="INSERT INTO booking (Customer_ID, Time, Date) VALUES ('$id', '$time',     '$date')";
}
else
{
 $sql="INSERT INTO customers (First_Name, Second_Name, Address1, Address2, Post_Code,   Home_Number, Mobile_Number, EMail)
 VALUES ('$firstname', '$secondname', '$address1', '$address2', '$postcode', '$number1',     '$number2', '$email')";
 if (!mysql_query($sql,$con))
  die('Error: ' . mysql_error());
}
mysql_close($con);
?>

答案 3 :(得分:1)

mysql_query()函数返回一个对象,因此您需要迭代它以获取Customer_ID。

此外,您再次运行相同的查询以查看记录是否存在。您可以通过将$customerid初始化为0来消除该额外查询,然后测试以查看它是否具有稍后的值(这显然意味着该记录存在)。

$customerid = 0;
$result = mysql_query("SELECT Customer_ID FROM customers WHERE EMail = '$email'",$con);
while ($row = mysql_fetch_assoc($result)) {
    $customerid = $row['Customer_ID'];
}

...

if( ! empty($customerid) ) {
    echo $customerid;
} else {
    ...
}

答案 4 :(得分:0)

好的,我会回答你的问题并同时给你一些建议。发生了什么事让你对PHP调用PHP的工作方式感到困惑。过程是这样的:

  1. 连接数据库
  2. 运行查询
  3. 循环搜索结果,直到不再存在,对每个已处理的行执行操作,或者如果只有一个结果,则抓取一个结果并对其进行操作。

    4. 现在再开始:

    $con = mysql_connect("localhost","user","password");
if (!$con)
{
   die('Could not connect: ' . mysql_error());
}

    好的,这里好。但是,如果数据库无法连接,您应该将用户重定向到错误页面,或者在他们所在的页面上显示错误。只是消亡会造成糟糕的用户体验。

    // You can also make your calls to mysql_real_escape_string here
// I do it down below because the calls up to the insert might fail
$firstname = $_POST['firstname'];
$secondname = $_POST['secondname'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$postcode = $_POST['postcode'];
$number1 = $_POST['number1'];
$number2 = $_POST['number2'];
$email = $_POST['email'];

    好的临时变量的可读性和更容易的字符串扩展,我可以处理。

    $customerid = mysql_query("SELECT Customer_ID FROM customers WHERE EMail =      '$email'",$con);

    这里有些问题。首先,你要自己接受SQL注入。当您输入用户输入值时,在这种情况下$_POST,您需要使用mysql_real_escape_string之类的内容来转义它们。为什么?阅读SQL注入,你会发现。此外,由于$con是唯一的活动连接,因此您无需指定它。

    如果查询失败,或者要使用的结果集,则mysql_query的结果为false。考虑到这一点,您需要确保查询实际工作:

    // I think you meant Email and not EMail by the way
$customer_result = mysql_query("SELECT Customer_ID FROM customers WHERE Email =      '" . mysql_real_escape_string($email) . "'");
if(!$customer_result) {
  // do something here to notify the user that there was an error
  // you can use mysql_error and mysql_errno to see what happened
}

    很好,现在如果有效,我们需要处理客户是否存在,以及他们是否抓住了客户ID。

    if(mysql_num_rows($customer_result) > 0) {
  $customer_info = mysql_fetch_assoc($customer_result);
  $customer_id = $customer_info['Customer_ID'];
}
else {
  $customer_id = 0; // no customer found
}

    这就是你获取返回一个结果的查询结果的方法。现在我们已经看到客户是否存在,并且拥有他们的ID,我们可以采取适当的行动:

    if($customer_id)
{ 
    // I'm assuming your Customer_ID is numeric, so you don't need to
    // surround it with quotes
    $sql="INSERT INTO booking (Customer_ID, Time, Date) VALUES (
    $customer_id, 
    '" . mysql_real_escape_string($time) . "', 
    '" . mysql_real_escape_string($date) . "'
    )";
    // I give my results individual names so it's easy to see
    // which one is being used
    $booking_result = mysql_query($sql);
    if(!$booking_result) {
      // again handle errors
    }
}
else
{
  $sql="INSERT INTO customers (
   First_Name, Second_Name, Address1, Address2, 
   Post_Code, Home_Number, Mobile_Number, Email)
   VALUES (
   '" . mysql_real_escape_string($firstname) . "', 
   '" . mysql_real_escape_string($secondname) . "', 
   '" . mysql_real_escape_string($address1) . "', 
   '" . mysql_real_escape_string($address2) . "', 
   '" . mysql_real_escape_string($postcode) . "', 
   '" . mysql_real_escape_string($number1) . "',
   '" . mysql_real_escape_string($number2) . "', 
   '" . mysql_real_escape_string($email) . "');
  $customer_insert_result = mysql_query($sql);
  if(!$cusomter_insert_result) {
    // Handle error
  }
}

mysql_close($con);

    可能存在语法错误,因为这是我要立即测试的代码,但我希望它能够解释并向您展示处理代码的好方法。

相关问题
最新问题