回聲里面的SQL SELECT語句

Question

我想獲取進行交易的會員的信息。 在頁面中，成員信息只有會話的用戶名，例如$member_name = $_SESSION['member_name'];

<?php
include_once("config.php");
if(isset($_SESSION["products"])) {
    $member_name = $_SESSION['member_name'];
    $total = 0;
    echo '<form action="cart-post-config.php" enctype="multipart/form-data" method="POST">';
    foreach ($_SESSION["products"] as $cart_itm) {
                    echo '<tr>';
                    echo '<td></td>';

                    <!---- THIS IS WHERE I PUT THE INFO OF USERNAME ---->
                    echo '<input type="hidden" name="member_name" value="'.$member_name.'"/>';

                    echo '<td><input type="text" readonly name="product_name[]" value="'.$cart_itm["name"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_price[]" value="'.$cart_itm["price"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_quantity[]" value="'.$cart_itm["qty"].'"/></td>';                           
                    $totalPerEach = ($cart_itm["price"]*$cart_itm["qty"]);

                    echo '<td><input type="text" readonly name="product_eachTotal[]" value="'.$totalPerEach.'"/></td>';
                    echo '<td>View Save Delete</td>';
                    echo '</tr>';
    }

在產品SESSION的回顯內，我想獲取成員的更多詳細信息，例如地址，密碼等。

    echo ' <!---- THIS IS WHERE I WANT TO WRITE SQL SELECT STATEMENT ---->
           <div id="process-to-detail">
               <div id="user-information">
                    <table>
                        <tr>
                            <td>Your Name is</td>
                            <td>Your Address is</td>
                            <td>Your Phone is</td>
                        </tr>
                    </table>
               </div>
          </div>';

在回顯內的上面的注釋中，我想編寫一條sql語句以獲取要點的成員的更多詳細信息select * from member_list where member_name=$_SESSION['member_name'];

請告訴我是否可以在echo'...'內創建sql語句； 如果不是，如何獲取會員詳細信息。

非常感謝。

Answer 1

包裝您要在函數中引入的功能，然后調用它。

例

    function getMyUserData($member_name)  {
        $myUserDataString = false;  // Default value.
        // your database connectivity
        $dbconn = new mysqli('server','user','password','database');
        // Sanitize your input to avoid SQL injection issues.
        $member_name = $dbconn->real_escape_string($member_name);
        // your sql statement
        //It would be better to use a unique id instead of a name.
        $sql = "SELECT `password`, `address` FROM `USERS` WHERE " .
            "`member_name` = '$member_name' LIMIT 1";  
        // execute query
        $result = $dbconn->query($sql);
        // check for query result
        if(is_object($result) && $result->num_rows > 0)  {
            // Get data from result.
            $myUserData = $result->fetch_assoc();
            // Free the result
            $result->free;
            // Access the fields you wanted
            $myUserDataString = "My user address: " . htmlentities($myUserData['address']);
            //You may echo the string here to cause the function to output your text
            // or return the value and echo it.  In this case we will return the value.
        }
        return $myUserDataString;
}
echo getMyUserData($_SESSION['member_name']);

我希望這有幫助..

PS通常，將密碼返回給客戶端不是一個好主意。 嘗試使用哈希或crypt進行單向加密。

有關詳細信息，請參見以下鏈接：

• http://php.net/manual/zh/function.crypt.php
• http://php.net/manual/zh/function.hash.php