SESSION var在mysql查询中
[英]SESSION var in mysql query
问题描述
Is it possible to use $_SESSION[var] in INSERT and SELECT statements of mysql as in below 
是否可以在mysql的INSERT和SELECT语句中使用$_SESSION[var] ,如下所示
$query = "INSERT INTO table1 (id, var1, var2)
VALUES (NULL, '$_SESSION[var1]', '$_SESSION[var2]')";
mysql_query($query);
die(mysql_error());
NOTE: I have session_start(); 注意:我有session_start(); at the start of all my pages. 在我所有页面的开头。
2 个解决方案
解决方案1
2 已采纳 2011-11-18 22:41:15
Good idea to sanitize your vars before executing queries against them: 在对它们执行查询之前对var进行清理的好主意:
$var1 = mysql_real_escape_string($_SESSION['var1']);
$var2 = mysql_real_escape_string($_SESSION['var2']);
$query =
"INSERT INTO table1 (id, var1, var2) " .
"VALUES (NULL, '" . $var1 . "', '" . $var2 . "')";
mysql_query($query) or die(mysql_error());
Note that your last time line of code die(mysql_error()) will cause the script to stop execution regardless of whether or not an error occured. 请注意,无论是否发生错误,您最后的代码行die(mysql_error())都会导致脚本停止执行。
Also, you may want to look into PDO for your database interaction. 另外,您可能需要研究PDO与数据库的交互作用。
解决方案2
1 2011-11-18 22:40:45
Yes. 是。 In my opinion the best way to specify an array variable in an interpolated string is to put curly brackets around it so that you can utilize single quotes around the array key: 在我看来,在插值字符串中指定数组变量的最佳方法是将大括号括起来,以便可以在数组键周围使用单引号:
$query = "INSERT INTO table1 (id, var1, var2)
VALUES (NULL, '{$_SESSION['var1']}', {$_SESSION['var2']}')";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.