我有一个简单的问题。如何将存储在字段中的数据用作查询中的变量?
在此示例中,我想使用 crypt 并需要数据库的密码字段中的值。我应该如何管理它。
$myusername=strtolower($myusername);
$query='SELECT * FROM auth '
."WHERE uname='$myusername' "
."and pword=crypt('$mypassword','pword')";
$result= mysqli_query($connection, $query);
if(mysqli_num_rows($result)>0)......
pword并且uname是我在 auth 表中的字段名称。PHP这是我在and中的第一个脚本SQL。
如果要引用数据库中的字段,请不要引用它:
$myusername = $connection->real_escape_string(strtolower($myusername));
$mypassword = $connection->real_escape_string($mypassword);
$query='SELECT * FROM auth'
."WHERE uname='$myusername'"
."and pword=crypt('$mypassword',pword)";
我建议改用准备好的语句:
$myusername = strtolower($myusername);
$sql = "SELECT * FROM auth HERE uname = ? and pword = crypt(?, 'pword')";
// prepare statement
$stmt = mysqli_prepare($connection, $sql);
if(!$stmt)die('can not prepare statement');
// supply parameter values:
mysqli_stmt_bind_param($stmt, 'ss', $myusername, $mypassword);
// execute
if(!mysqli_stmt_execute($stmt))die('can not execute statement');
// if there are rows...
if(mysqli_stmt_num_rows($stmt)){
// bind to variables
mysqli_stmt_bind_result($stmt, $col1, $col2 /* , colN */);
// output
while(mysqli_stmt_fetch($stmt)) {
var_dump($col1, $col2 /* , colN */);
}
}
// free statement
mysqli_stmt_close($stmt);
我建议进一步阅读:
假设 $connection 是您的数据库连接:
$connection = new mysqli("localhost", "my_db_user", "my_db_password", "my_table");
并假设您想获取字段 user_id 和加密密码:
$myusername = $connection->real_escape_string(strtolower($myusername));
$query="SELECT user_id, crypt('{$mypassword}','pword') AS my_password FROM `auth`
WHERE uname='{$myusername}'
and pword=crypt('{$mypassword}','pword')";
$result = $connection->query($query);
if ($result !== false && $result->num_rows > 0) {
$row = $result->fetch_object();
$myUserID = $row->user_id;
$myPassword = $row->my_password;
}
备注:
希望这会有所帮助。