来自 mysqli_Query 的回显结果
Echo results from mysqli_Query
我正在制作一个供自己使用的个人脚本,我需要知道如何回显 mysqli_query 的结果。我的代码如下:
$conn = mysqli_connect($servername, $username, $password, $dbname);
if(isset($_POST['commercial'])){
if (isset($_POST['0'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
$resultsd1 = mysqli_query($conn, $sql);
echo $resultsd1;
}
if (isset ($_POST['1'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 2 AND sent='a'";
$resultsd2 = mysqli_query($conn, $sql);
echo $resultsd2;
}
if (isset($_POST['2'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 3 AND sent='a'";
$resultsd3 = mysqli_query($conn, $sql);
echo $resultsd3;
}
if (isset ($_POST['3'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 4 AND sent='a'";
$resultsd4 = mysqli_query($conn, $sql);
echo $resultsd4;
}
if (isset ($_POST['4'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 5 AND sent='a'";
$resultsd5 = mysqli_query($conn, $sql);
echo $resultsd5;
}
}
?>
如果要输出多行
if (isset($_POST['0'])) {
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
$resultsd1 = mysqli_query($conn, $sql);
while ($row = mysqli_fetch_assoc($resultsd1))
{
echo $row['email'];
}
}
如果只有1行
if (isset($_POST['0'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a' LIMIT 1";
$resultsd1 = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($resultsd1);
echo $row['email'];
}
首先正如@fred-ii所说,转义你的post,你的$_POST访问也有错误,你缺少文章关键字周围的引号,最后使用mysqli_fetch_assoc访问您的结果:
...
if (isset($_POST['0'])) {
$article = mysqli_real_escape_string($conn, $_POST['article']);
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$article' AND dripid = 1 AND sent='a'";
if ($resultsd1 = mysqli_query($conn, $sql)) {
if ($row = mysqli_fetch_assoc($resultsd1)) {
echo $row['email'];
}
}
}
...
您可以简单地使用 foreach 循环在结果对象上循环。如果要将所有行提取到 PHP 变量中,可以使用 fetch_all().
$result = mysqli_query($conn, 'SELECT ...');
foreach($result as $row) {
print_r($row);
// do something with each row
}
// or
$result = $conn->('SELECT ...')->fetch_all(MYSQLI_ASSOC);
foreach($result as $row) {
print_r($row);
// do something with each row
}
但是,在您的情况下,您根本不应该使用 mysqli_query()!这使您容易受到 SQL 注入攻击。您必须使用参数绑定,它可用于准备好的语句。
例如,您的固定查询如下所示:
$stmt = $con->prepare("SELECT email FROM CommercialEmails WHERE articleid = ? AND dripid = 1 AND sent = 'a' ");
$stmt->bind_param('s', $_POST['article']);
$stmt->execute();
$result = $stmt->get_result();
foreach ($result as $row) {
print_r($row);
}
不同的是我的变量没有和SQL分开,所以没有注入的风险。你不应该允许直接在 SQL 查询中输入任何变量。正确地做到这一点并不难。
另外,你真的不需要那么多重复代码。您也可以参数化 dripid 并减少代码中的行数。
我正在制作一个供自己使用的个人脚本,我需要知道如何回显 mysqli_query 的结果。我的代码如下:
$conn = mysqli_connect($servername, $username, $password, $dbname);
if(isset($_POST['commercial'])){
if (isset($_POST['0'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
$resultsd1 = mysqli_query($conn, $sql);
echo $resultsd1;
}
if (isset ($_POST['1'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 2 AND sent='a'";
$resultsd2 = mysqli_query($conn, $sql);
echo $resultsd2;
}
if (isset($_POST['2'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 3 AND sent='a'";
$resultsd3 = mysqli_query($conn, $sql);
echo $resultsd3;
}
if (isset ($_POST['3'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 4 AND sent='a'";
$resultsd4 = mysqli_query($conn, $sql);
echo $resultsd4;
}
if (isset ($_POST['4'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 5 AND sent='a'";
$resultsd5 = mysqli_query($conn, $sql);
echo $resultsd5;
}
}
?>
如果要输出多行
if (isset($_POST['0'])) {
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
$resultsd1 = mysqli_query($conn, $sql);
while ($row = mysqli_fetch_assoc($resultsd1))
{
echo $row['email'];
}
}
如果只有1行
if (isset($_POST['0'])){
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a' LIMIT 1";
$resultsd1 = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($resultsd1);
echo $row['email'];
}
首先正如@fred-ii所说,转义你的post,你的$_POST访问也有错误,你缺少文章关键字周围的引号,最后使用mysqli_fetch_assoc访问您的结果:
...
if (isset($_POST['0'])) {
$article = mysqli_real_escape_string($conn, $_POST['article']);
$sql = "SELECT email FROM CommercialEmails WHERE articleid = '$article' AND dripid = 1 AND sent='a'";
if ($resultsd1 = mysqli_query($conn, $sql)) {
if ($row = mysqli_fetch_assoc($resultsd1)) {
echo $row['email'];
}
}
}
...
您可以简单地使用 foreach 循环在结果对象上循环。如果要将所有行提取到 PHP 变量中,可以使用 fetch_all().
$result = mysqli_query($conn, 'SELECT ...');
foreach($result as $row) {
print_r($row);
// do something with each row
}
// or
$result = $conn->('SELECT ...')->fetch_all(MYSQLI_ASSOC);
foreach($result as $row) {
print_r($row);
// do something with each row
}
但是,在您的情况下,您根本不应该使用 mysqli_query()!这使您容易受到 SQL 注入攻击。您必须使用参数绑定,它可用于准备好的语句。
例如,您的固定查询如下所示:
$stmt = $con->prepare("SELECT email FROM CommercialEmails WHERE articleid = ? AND dripid = 1 AND sent = 'a' ");
$stmt->bind_param('s', $_POST['article']);
$stmt->execute();
$result = $stmt->get_result();
foreach ($result as $row) {
print_r($row);
}
不同的是我的变量没有和SQL分开,所以没有注入的风险。你不应该允许直接在 SQL 查询中输入任何变量。正确地做到这一点并不难。
另外,你真的不需要那么多重复代码。您也可以参数化 dripid 并减少代码中的行数。