当我在SQL语句中使用会话名称时,它返回时没有结果,但是当我用真实用户名替换它时,它会返回结果。
$emails = mysql_query("SELECT reusers.email FROM reusers INNER JOIN repplac ON reusers.username = repplac.Uname AND reusers.username = '{$_SESSION['username']}'")or die(mysql_error());
$results = (mysql_fetch_assoc($emails)) or die(mysql_error());
$email= $results['email'];
echo "$email";
die();
而且更新也无效。
if(array_key_exists('item', $_POST)){
$items = $_POST['item'];
//Loop through $_POST items, updating the database for each item
foreach ($items as $item) {
$Pquantity = intval($item[0]);
$Pidno = intval($item[1]);
$queryreg = mysql_query("
UPDATE repplac
SET Pquantity = {$Pquantity}
WHERE
Pidno = {$Pidno}
AND
Uname = '{$_SESSION['username']}'
");
答案 0 :(得分:0)
$emails = mysql_query("SELECT reusers.email FROM reusers INNER JOIN repplac ON reusers.username = repplac.Uname AND reusers.username = '".$_SESSION['username']."'")or die(mysql_error());
答案 1 :(得分:0)
SESSION [username]中存储的字符串是否与MYSQL Select语句中的字符串相同。如果是,请尝试使用这样的SQL:
$emails = mysql_query("SELECT reusers.email FROM reusers INNER JOIN repplac ON reusers.username = repplac.Uname AND reusers.username = '".$_SESSION['username']."')or die(mysql_error());
只是提示防止SQL注入漏洞:永远不要将数据插入您通过GET或POST获得的数据库!对字符串使用intval()和mysql_real_escape_string()来防止对数据库的攻击!