PHP / MySQL:从登录用户输入的数据库中获取过滤数据的最佳方法是什么?
[英]PHP/ MySQL: What is the best way to get filtered data from a database that has been inputted by a logged in user?
问题描述
I am trying to create a page that displays a preview of all the data that each individual user has put into the database. 
我正在尝试创建一个页面,以显示每个用户已放入数据库的所有数据的预览。 Each user must only be able to see their own data. 每个用户只能看到自己的数据。
I have been using $SESSION's to post which logged in user is inputting what, and have tried to get my brain to think about the reverse action. 我一直在使用$ SESSION来发布哪个登录用户正在输入什么,并且试图让我的大脑思考反向操作。
I first wondered whether I could do 我首先想知道我是否可以做
SELECT * FROM input WHERE input .bodyshop_name=$_SESSION ['MM_Username'] SELECT * FROM input哪里input .bodyshop_name = $ _ SESSION ['MM_Username']
But that did not work. 但那没用。
As you can probably tell, I am new to PHP/MySQL, so any help would be appreciated. 如您所知,我是PHP / MySQL的新手,所以将不胜感激。
Thanks 谢谢
2 个解决方案
解决方案1
1 2010-05-12 14:45:40
if bodyshop_name is the username of the user who input that data, then a query like you said should work. 如果bodyshop_name是输入该数据的用户的用户名,则像您所说的查询应该起作用。
make sure $_SESSION['MM_Username'] is in single quotes when you write the query. 在编写查询时,请确保$ _SESSION ['MM_Username']用单引号引起来。
解决方案2
1 已采纳 2010-05-12 14:48:23
You will want to try this 您将要尝试这个
$sql = "SELECT * FROM `input` WHERE `input`.`bodyshop_name`='".mysql_real_escape_string($_SESSION['MM_Username'])."'";
Note the use of mysql_real_escape_string to sanatize any unwanted data. 请注意,使用mysql_real_escape_string清理所有不需要的数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.