在WHERE子句中使用值的字符串-MySQL

Question

我有一個像這樣的值字符串：

$cat = "1,5,6,8,9";

現在我想在WHERE子句中使用該變量。 我該怎么做 ？

"select category from test where category...?"

我正在使用下面的代碼，但是我從number_of_result變量得到null：

$array_of_cat = explode(",",$cat);

if($number_of_result == 0){
    $mresult = mysql_query("select * from books where
     GoodName like '%$title%' and GroupCode in ($array_of_cat) ");
    $number_of_result = mysql_num_rows($mresult);
}

Answer 1

您無需分解變量-這樣做會生成一個數組，當插入SQL字符串時，該數組將導致錯誤的值（字符串“ Array”）。

盡管這是不安全的（ SQL注入容易 ），您仍然可以這樣做：

if($number_of_result == 0){
    $mresult = mysql_query("select * from books where
     GoodName like '%$title%' and GroupCode in ($cat)");
    $number_of_result = mysql_num_rows($mresult);
}

我強烈建議您使用mysql_real_escape_string函數准備變量。

Answer 2

將您的SQL語句更改為此。 使用implode()在IN子句中傳遞數組元素

$mresult = mysql_query("
  SELECT * FROM books 
  WHERE GoodName LIKE '%$title%' AND GroupCode IN (" . implode(",", $array_of_cat) . ")");

Answer 3

$cat = array(1,5,6,8,9);

$array_of_cat = implode(",",$cat);

if($number_of_result > 0){
  $mresult = mysql_query("select * from books where
  GoodName like '%$title%' and GroupCode in ($array_of_cat) ");

$number_of_result = mysql_num_rows($mresult);
}

另外，我強烈建議您閱讀PDO / MySQLi