
Using the result from one query as a WHERE clause

I am trying to get the postcode with one query and use it in the where clause for another query.

<?php
$mobile = '07790807055';
//$mobile = $_POST['mobile'];


mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

$query = "SELECT POSTCODE FROM appregistration WHERE MOBILE_NUMBER = '$mobile'";
$result = mysql_query($query) or die("Unable to run query. " . mysql_error());
$row = mysql_fetch_array($result);
$postcode = $row['POSTCODE'];
/// gets postcode from appregistration table 

$sql = mysql_query("SELECT INCIDENT_ID, INVESTIGATION, TYPE_OF_INCIDENT, DESCRIPTION FROM appreports WHERE POSTCODE = '$postcode'");
//uses postcode from appregistration table to find info from appreports table 

$output = array(); // start empty so json_encode() gives [] when nothing matches
while ($row = mysql_fetch_assoc($sql)) {
    $output[] = $row;
}

print(json_encode($output));

mysql_close();
?>

Why not use a JOIN rather than running two queries:

SELECT `INCIDENT_ID`, `INVESTIGATION`, `TYPE_OF_INCIDENT`, `DESCRIPTION`
FROM `appreports`
INNER JOIN `appregistration` ON `appreports`.`POSTCODE` = `appregistration`.`POSTCODE`
WHERE `appregistration`.`MOBILE_NUMBER` = '$mobile'

For example:

<?php
$mobile = '07790807055';

mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

$sql = mysql_query("SELECT `INCIDENT_ID`, `INVESTIGATION`, `TYPE_OF_INCIDENT`, `DESCRIPTION`
                    FROM `appreports`
                    INNER JOIN `appregistration` 
                    ON `appreports`.`POSTCODE` = `appregistration`.`POSTCODE`
                    WHERE `appregistration`.`MOBILE_NUMBER` = '$mobile'");

$output = array(); // initialise so an empty result encodes as [] rather than null
while ($row = mysql_fetch_assoc($sql))
{
    $output[] = $row;
}

print(json_encode($output));

mysql_close();
?>

Leaving aside the glaring SQL injection vulnerability, the dubious commenting (the redundant punctuation) in the code, the deprecated API and the reliance on default parameters in the call to mysql_fetch_array(), the unnecessary split query, and a few other things which should be picked up in any code review but which don't actually affect the functionality... You don't actually say what happens when you run the code.

Does the first query return a result?

What happens when you run the queries via the mysql CLI or phpmyadmin?

UPDATE

This is the error I am getting if I use JOIN: "Parse error: syntax error, unexpected '`' on line 20"

OK, it is a SQL injection bug that's causing the problem - I assume that this is line 20:

$sql=mysql_query("SELECT INCIDENT_ID, INVESTIGATION,TYPE_OF_INCIDENT
      ,DESCRIPTION FROM appreports WHERE POSTCODE = '$postcode'");

$postcode contains one or more single quotes. Escape it:

$sql=mysql_query("SELECT INCIDENT_ID, INVESTIGATION,TYPE_OF_INCIDENT
      ,DESCRIPTION FROM appreports WHERE POSTCODE = '".
      mysql_real_escape_string($postcode) . "'");
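
The JOIN answer and the escaping answer come down to the same point: the postcode spliced into the second query is data, not SQL. As an added example that is not from this thread, the Python below rebuilds the two tables in an in-memory SQLite database with constructed rows (including one registration whose stored postcode contains a single quote, the situation the last answer describes) and shows the interpolated two-step version failing on it while a single parameterised JOIN returns the incidents; it uses Python's sqlite3 in place of PHP's mysql_* API, and the mobile numbers and incident rows are made up.

```python
import sqlite3

# Constructed sample data standing in for the two MySQL tables in the question.
REGISTRATIONS = [
    ("07700900001", "SW1A 1AA"),
    ("07700900002", "SW1A 1A'A"),  # constructed: a stored postcode containing a single quote
]
REPORTS = [
    (1, "open", "theft", "Bike taken from rack", "SW1A 1AA"),
    (2, "closed", "vandalism", "Graffiti on wall", "SW1A 1AA"),
    (3, "open", "noise", "Late-night party", "SW1A 1A'A"),
]


def make_db():
    """Build an in-memory SQLite database with the same table and column names."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE appregistration (MOBILE_NUMBER TEXT, POSTCODE TEXT);
        CREATE TABLE appreports (INCIDENT_ID INTEGER, INVESTIGATION TEXT,
                                 TYPE_OF_INCIDENT TEXT, DESCRIPTION TEXT, POSTCODE TEXT);
    """)
    conn.executemany("INSERT INTO appregistration VALUES (?, ?)", REGISTRATIONS)
    conn.executemany("INSERT INTO appreports VALUES (?, ?, ?, ?, ?)", REPORTS)
    return conn


def incidents_interpolated(conn, mobile):
    """The thread's two-step approach: the postcode fetched by the first query is
    spliced into the text of the second. Any quote in the stored value breaks it."""
    row = conn.execute("SELECT POSTCODE FROM appregistration WHERE MOBILE_NUMBER = ?",
                       (mobile,)).fetchone()
    postcode = row[0] if row else None
    sql = "SELECT INCIDENT_ID FROM appreports WHERE POSTCODE = '%s' ORDER BY INCIDENT_ID" % postcode
    return [r[0] for r in conn.execute(sql)]


def incidents_for_mobile(conn, mobile):
    """Hardened version: a single JOIN, with the only external value bound as a
    parameter, so quotes in data or input never reach the SQL parser."""
    sql = """SELECT r.INCIDENT_ID, r.INVESTIGATION, r.TYPE_OF_INCIDENT, r.DESCRIPTION
             FROM appreports r
             INNER JOIN appregistration a ON a.POSTCODE = r.POSTCODE
             WHERE a.MOBILE_NUMBER = ?
             ORDER BY r.INCIDENT_ID"""
    cols = ["INCIDENT_ID", "INVESTIGATION", "TYPE_OF_INCIDENT", "DESCRIPTION"]
    return [dict(zip(cols, r)) for r in conn.execute(sql, (mobile,))]
```

`json.dumps(incidents_for_mobile(make_db(), "07700900001"))` produces the JSON the original script was trying to emit, and the same call for "07700900002" works where `incidents_interpolated` raises a syntax error.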
