stackoom
  简体   繁体   中英

Mysql Return all values of a table where column is equal to user input

 原文  2017-07-07 11:19:45       php/ mysql/ pdo

Question

I have some sql statements that accepts a number and if that number is equal to the value of a column in a database, it should return all rows in the database that has the same value. Unfortunately the rows only return blog_post_id that has a value 0.

This is my codes below: 

<?php
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
$blog_post_id = !empty($_POST['blog_post_id']) ? $_POST['blog_post_id'] 
: '';

$pdo=new PDO("mysql:dbname=db;host=localhost","username","password", 
$options);
$statement=$pdo->prepare("SELECT * FROM comment WHERE blog_post_id = 
'$blog_post_id'");
$statement->execute();
$results=$statement->fetchAll(PDO::FETCH_ASSOC);
$json=json_encode($results);
if ($json)
    echo $json;
else
    echo json_last_error_msg();

?>

2 answers

solution1
 0  2017-07-07 11:29:45

You are actually missing the point of using the function prepare() and you need to check if the query does actually return any results.. 

<?php
$options      = array(
    PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
);
$blog_post_id = !empty($_POST['blog_post_id']) ? $_POST['blog_post_id'] : '';

$pdo       = new PDO("mysql:dbname=db;host=localhost", "username", "password", $options);
$statement = $pdo->prepare("SELECT * FROM comment WHERE blog_post_id = ?");
$statement->execute([$blog_post_id]);
$results   = $statement->fetchAll(PDO::FETCH_ASSOC);

$json = array();

if (count($results) > 0) {
    foreach ($results as $row) {
        $json[] = array(
            'id' => $row['blog_post_id'],
            'Field' => $row['Column'],
            'AnotherField' => $row['AnotherColumn'],
            'AnotherField1' => $row['AnotherColumn1'],
            'ETC' => $row['AnotherColumnName']
        );
    }

    echo json_encode($json);
} else {

    echo "no data found";
}

?>

solution2
 0  2017-07-07 11:35:07

You should do variable binding like so: 

$pdo=new PDO("mysql:dbname=db;host=localhost","username","password", $options);
$statement=$pdo->prepare("SELECT * FROM comment WHERE blog_post_id = :blog_post_id");
$statement->execute(['blog_post_id' => $blog_post_id]);

This will also prevent 1st level SQL-Injection as described here: Are PDO prepared statements sufficient to prevent SQL injection?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question MySQL: Return only rows in one table where ALL values in one column of another table are the same MySQL/PHP - Select all the rows where column from table 1 is equal to column from table 2 and creating a foreach loop PHP/MySQL - Select all the rows where column from table 1 is equal to column from table 2 Return all records where column 2 is equal to 1 (in column 3) without searching in column 2 Return rows where sum of a single column is equal to “16” in mysql get the values from table where the column value is not equal to zero MySQL - Return all values if input is empty mysql where column = all posible values Select all where values equal 1? MySql get rows where one column equals to another colum in another table where one column is equal
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM