基于PHP变量的MySQL WHERE
[英]MySQL WHERE based on PHP variable
问题描述
I have a form where I collect a bunch of basic information (name, email, etc), I then post that to a database. 
我有一个收集大量基本信息(姓名,电子邮件等)的表格,然后将其发布到数据库中。 On that form, I use the php date function to insert a "day", "month", and "year" database column so it will show me what date the form data was submitted. 在该表单上,我使用php date函数插入“日”,“月”和“年”数据库列,以便它将显示表单数据的提交日期。
I want to output this to a table (so I can check it without logging into the db), and I want that table to default to the current date. 我想将其输出到表中(这样我就可以在不登录数据库的情况下进行检查),并且希望该表默认为当前日期。 I thought something like this would work, but it doesn't: 我以为这样的事情会奏效,但不会:
$query="SELECT * FROM form_data WHERE day='echo date("d");' AND month='echo date("m");' AND year='echo date("Y");'";
Ultimately, I want to have some date select boxes where the table is displayed, so I can select any date I want, submit, and return the relevant data to the table. 最终,我希望在显示表的位置有一些日期选择框,以便选择想要的任何日期,然后提交相关数据并将其返回到表中。 But the first step is just getting the table to default to display today's current data. 但是第一步只是将表设置为默认值,以显示今天的当前数据。
Much appreciated if anybody can help. 非常感谢任何人都可以提供帮助。
4 个解决方案
解决方案1
2 2012-08-20 03:32:28
To make the thread complete I am gonna go ahead and suggest mysqli::prepare . 为了使线程完整,我将继续建议mysqli::prepare 。 As it is stated here it prepares the query and returns a handle to it. 如此处所述,它准备查询并返回查询句柄。
It is to prevent SQL injection, lower the query parsing overhead, and improve code readability. 这是为了防止SQL注入,降低查询解析开销并提高代码可读性。 All and all it is a better practice to use prepare. 总之,使用prepare是更好的做法。
And this is how you do it: 这是您的操作方式:
$database = new mysqli('localhost', 'username', 'password', 'database');
if ($stmt = $database->prepare("SELECT * FROM form_data WHERE day=? AND month=? AND year=?")) {
$stmt->bind_param('sss', date("d"), date("m"), date("Y"));
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
}
$database->close();
In the code above $result contains the rows read from database. 在$result以上的代码中,包含从数据库读取的行。
Here is the PDO version: 这是PDO版本:
$stmt = $database->prepare("SELECT * FROM form_data WHERE day=? AND month=? AND year=?")
$stmt->execute(array("".date("d"), "".date("m"), "".date("Y")));
解决方案2
1 已采纳 2012-08-20 03:03:33
You can't do echo date("d"); 您不能执行echo date(“ d”); in an sql statement or you would be effectively putting a statement inside a statement. 在sql语句中,否则您将有效地将一条语句放入一条语句中。
You must save your echo date("d"); 您必须保存回显日期(“ d”); into a variable and then do something like 变成一个变量,然后做类似的事情
$myDay = date("d");
$myMonth = date("m");
$myYear = date("Y");
$query="SELECT * FROM form_data
WHERE day='$myDay'
AND month='$myMonth'
AND year='$myYear'";
or use separating . 或使用分隔。 to shoot them in like 像
$query="SELECT * FROM form_data
WHERE day='".date("d")."'
AND month='".date("m")."'
AND year='".date("Y")."'";
解决方案3
0 2012-08-20 03:04:35
Something like 就像是
$query="SELECT * FROM form_data WHERE day='" . date("d") . "' AND month='" . date("m") . "' AND year='" . date("Y") . "'";
should work. 应该管用。
Good way to debug your queries is to output them as a string to see how PHP interpreted it. 调试查询的好方法是将它们输出为字符串,以查看PHP如何解释它。
echo "SELECT * FROM form_data WHERE day='" . date("d") . "' AND month='" . date("m") . "' AND year='" . date("Y") . "'"
Also note that this method is subject to SQL Injection. 另请注意,此方法受SQL注入的约束。
解决方案4
0 2018-07-18 07:55:31
我用它,它对我有用, select * from record where date1=CURDATE()我希望这是你想要做的
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.