0

我之前确实发过帖子,但无法正确解释我的问题,也无法解决。这就是我所拥有的。

$shoutlines = file($shout_file);

$aTemp = array();
foreach($matches['user'] as $user) {
    $aTemp[] = "'" . $user . "'";
}
$user = implode(",", $aTemp);

$rara = "SELECT * FROM accounts WHERE username IN ( $user )"; // Tried this statment both as a query and prepared statement
$getlevel = $db->query("SELECT * FROM accounts WHERE username IN '( ".$user." )'"); // Tried this both as a query and prepared statement
//$getlevel->bind_param('s', $user);
//$getlevel->execute();
//$level = $getlevel->get_result();
//$getlevel->store_result();
while($getdb = $getlevel->fetch_assoc()){
    //output the html
        for($i = 0; $i < (1000); $i++)
        {
            if(isset($shoutlines[$i]))
            {

                $shoutline = preg_replace('/<\/div>\n/', ' ', $shoutlines[$i], 1);
                echo showSmileys($shoutline) . "<div class='delete'><a href='javascript: delete_shoutline({$i});' title='Delele'>delete</a></div></div>";
            }
        }
}

我在for循环中有一个while不会在其中运行的循环,如果我将for循环移到它之外while它工作正常,但我需要它在while循环中检查用户的帖子标题、能力等,这些已保存在我的数据库中。我已经展示了到目前为止我在确定问题时所做的尝试,如果查询、绑定或执行未显示为真,但现在得到了命中,我已经尝试消除错误。已提取此代码,因此您的阅读能力不会太混乱,对此的任何帮助将不胜感激。

4

2 回答 2

2

当“爆炸”用户名时,您需要将每个用户名用引号括起来,而不是全部。还要使名称对数据输入安全。

$aTemp = array();
foreach($matches['user'] as $user) {
    $aTemp[] = '"' . mysql_real_escape_string($user) . '"';
}
$user = implode(",", $aTemp);

然后使用第一个查询:

"SELECT * FROM accounts WHERE username IN ( $user )";

编辑:添加错误检查:

$getlevel = $db->query("SELECT * FROM accounts WHERE username IN ( $user )");
if ($getlevel == false) {
    // Normally you'll build into a function or class, but this is the simple example
    // Never output SQL errors on a live site, but log to file or (if you can do it safely) the database.
    echo 'Whoopsie<br />';
    var_dump($db->errorInfo());
    exit();
}
于 2012-12-10T04:01:24.627 回答
0

使用带有IN子句的数据绑定并不是那么好,所以如果你真的需要IN并且不关心使用旧的,不推荐使用的mysql_*函数,试试这个:

$user="'".implode("','",array_map(function($s){
  return mysql_real_escape_string($s);
},$matches["user"])."'";
$rara="SELECT * FROM accounts WHERE username IN ($user)";
于 2012-12-10T04:08:27.330 回答