從 mysqli_Query 回顯結果

Question

我正在制作一個供我自己使用的個人腳本，我需要知道如何從 mysqli_query 回顯結果。 我的代碼如下：

$conn = mysqli_connect($servername, $username, $password, $dbname);

if(isset($_POST['commercial'])){
if (isset($_POST['0'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
    $resultsd1 = mysqli_query($conn, $sql);
    echo $resultsd1;
}   
if (isset ($_POST['1'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 2 AND sent='a'";
    $resultsd2 = mysqli_query($conn, $sql);
    echo $resultsd2;
}   
if (isset($_POST['2'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 3 AND sent='a'";
    $resultsd3 = mysqli_query($conn, $sql);
    echo $resultsd3;
}
if (isset ($_POST['3'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 4 AND sent='a'";
    $resultsd4 = mysqli_query($conn, $sql);
    echo $resultsd4;
}
if (isset ($_POST['4'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 5 AND sent='a'";
    $resultsd5 = mysqli_query($conn, $sql);
    echo $resultsd5;
}

}
?>

Answer 1

如果要輸出多行

if (isset($_POST['0'])) {
 $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
 $resultsd1 = mysqli_query($conn, $sql);

 while ($row = mysqli_fetch_assoc($resultsd1))
 {
    echo $row['email'];
 }
}   

如果只有 1 行

if (isset($_POST['0'])){
 $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a' LIMIT 1";
 $resultsd1 = mysqli_query($conn, $sql);

 $row = mysqli_fetch_assoc($resultsd1);

 echo $row['email'];
}   

Answer 2

首先，正如@fred-ii 所說，轉義您的帖子，您的 $_POST 訪問也存在錯誤，您缺少文章鍵周圍的引號，最后使用 mysqli_fetch_assoc 訪問您的結果：

...
if (isset($_POST['0'])) {
    $article = mysqli_real_escape_string($conn, $_POST['article']);
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$article' AND dripid = 1 AND sent='a'";
    if ($resultsd1 = mysqli_query($conn, $sql)) {
        if ($row = mysqli_fetch_assoc($resultsd1)) {
            echo $row['email'];
        }
    }
}
...   

Answer 3

您可以簡單地使用foreach循環在結果對象上循環。 如果要將所有行提取到 PHP 變量中，可以使用fetch_all() 。

$result = mysqli_query($conn, 'SELECT ...');
foreach($result as $row) {
    print_r($row);
    // do something with each row
}
// or
$result = $conn->('SELECT ...')->fetch_all(MYSQLI_ASSOC);
foreach($result as $row) {
    print_r($row);
    // do something with each row
}

但是，在您的情況下，您根本不應該使用mysqli_query() ！ 這使您容易受到 SQL 注入的影響。 您必須使用參數綁定，這可用於准備好的語句。

例如，您的固定查詢如下所示：

$stmt = $con->prepare("SELECT email FROM CommercialEmails WHERE articleid = ? AND dripid = 1 AND sent = 'a' ");
$stmt->bind_param('s', $_POST['article']);
$stmt->execute();
$result = $stmt->get_result();
foreach ($result as $row) {
    print_r($row);
}

不同的是我的變量沒有和SQL分開，所以不存在注入的風險。 您永遠不應該在 SQL 查詢中直接允許任何變量輸入。 正確地做到這一點真的沒有那么困難。

此外，您真的不需要重復太多代碼。 您也可以參數化dripid並減少代碼中的行數。