1

这是我的登录用户名 php 代码

<p align="center">username: <?php echo $_SESSION['SESS_FIRST_NAME']; ?></p>

这是mysql查询

 $query = "SELECT * FROM `carddetail` where drivername='open' ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results";

如果我的驱动程序登录名是她的名字,那么我怎么能把这个驱动程序名放在这个地方驱动程序名='open'所以查询只显示她的名字数据

我怎么能把

在这

where drivername='<?php echo $_SESSION['SESS_FIRST_NAME']; ?>'

当我这样说时,它显示了这个错误

解析错误:语法错误,意外的 T_ENCAPSED_AND_WHITESPACE,在第 210 行的 E:\home.php 中需要 T_STRING 或 T_VARIABLE 或 T_NUM_STRING

请帮我解决这个问题谢谢

4

4 回答 4

3

像这样使用:

  $query = "SELECT * FROM `carddetail` 
  where 
  drivername='{$_SESSION['SESS_FIRST_NAME']}' 
  ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results";

但是,这种方式并不安全,可以使用mysql_real_escape_string():

  $drivername = mysql_real_escape_string($_SESSION['SESS_FIRST_NAME']);
  $query = "SELECT * FROM `carddetail` 
  where 
  drivername='$drivername' 
  ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results";

或者切换到 PDO 或 MySQLI 并使用准备好的语句(参数化查询)

于 2013-09-29T11:01:18.133 回答
0

使用如下:

 $query = "SELECT * FROM `carddetail` where drivername='". $_SESSION['SESS_FIRST_NAME'] ."' ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results";
于 2013-09-29T11:02:54.407 回答
0

您正在打开已经存在的变量中的PHP标签。$queryPHP

session_start();
if(isset($_SESSION['SESS_FIRST_NAME'])){
$session_fname = $_SESSION['SESS_FIRST_NAME'];
}

    $query = "SELECT * FROM `carddetail` where drivername= $session_fname ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results";
于 2013-09-29T11:03:06.537 回答
0

我建议您使用 MySQLi 或 PDO,因为这些mysql_功能现在已被弃用。

$db   = new mysqli($hostname, $username, $password, $db_name);
$name = $_SESSION['SESS_FIRST_NAME'];

$stmt = $db->prepare("SELECT * FROM carddetail WHERE drivername = ? ORDER BY `carddetail_cardno` ASC LIMIT $from, $max_results");
$stmt->bind_param("si", $name);
$stmt->execute();
$stmt->close();
于 2013-09-29T11:06:11.533 回答