![](/img/trans.png)
[英]MySQL: Return only rows in one table where ALL values in one column of another table are the same
[英]Mysql Return all values of a table where column is equal to user input
我有一些sql语句,它接受一个数字,如果该数字等于数据库中一列的值,它应该返回数据库中具有相同值的所有行。 不幸的是,这些行仅返回值为0的blog_post_id。
这是我的代码如下:
<?php
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
$blog_post_id = !empty($_POST['blog_post_id']) ? $_POST['blog_post_id']
: '';
$pdo=new PDO("mysql:dbname=db;host=localhost","username","password",
$options);
$statement=$pdo->prepare("SELECT * FROM comment WHERE blog_post_id =
'$blog_post_id'");
$statement->execute();
$results=$statement->fetchAll(PDO::FETCH_ASSOC);
$json=json_encode($results);
if ($json)
echo $json;
else
echo json_last_error_msg();
?>
您实际上错过了使用函数prepare()
并且需要检查查询是否确实返回了任何结果。
<?php
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
);
$blog_post_id = !empty($_POST['blog_post_id']) ? $_POST['blog_post_id'] : '';
$pdo = new PDO("mysql:dbname=db;host=localhost", "username", "password", $options);
$statement = $pdo->prepare("SELECT * FROM comment WHERE blog_post_id = ?");
$statement->execute([$blog_post_id]);
$results = $statement->fetchAll(PDO::FETCH_ASSOC);
$json = array();
if (count($results) > 0) {
foreach ($results as $row) {
$json[] = array(
'id' => $row['blog_post_id'],
'Field' => $row['Column'],
'AnotherField' => $row['AnotherColumn'],
'AnotherField1' => $row['AnotherColumn1'],
'ETC' => $row['AnotherColumnName']
);
}
echo json_encode($json);
} else {
echo "no data found";
}
?>
您应该像这样进行变量绑定:
$pdo=new PDO("mysql:dbname=db;host=localhost","username","password", $options);
$statement=$pdo->prepare("SELECT * FROM comment WHERE blog_post_id = :blog_post_id");
$statement->execute(['blog_post_id' => $blog_post_id]);
这也将防止第1级SQL注入,如下所述: PDO准备好的语句是否足以防止SQL注入?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.