从 JSON 文件中收集值以用于 MySQL `IN` 子句
Collect values from JSON file for use in MySQL `IN` clause
include "includes/dbh.inc.php";
$data = file_get_contents("dumps/datadump-hung1.json");
$post = json_decode($data, true);
foreach($post['sessionResult']['leaderBoardLines'] as $userArr){
$carname .=$userArr['car']['carModel'];
} echo $carname;
这呼应了这样的汽车型号 = 19115 而不是 19 1 15
当我尝试将这些与我的数据库相匹配以回显汽车名称时,数字响应为:
$carGETdb = "SELECT carName FROM cars WHERE carID IN ($carname)";
$result = mysqli_query($conn, $carGETdb);
$row = mysqli_fetch_array($result)["carName"];
echo $row;
它没有发布任何内容,因为没有汽车与 19115 相关联,但有 3 辆不同的汽车与 19、1 和 15 相关联
有没有办法 foreach 单曲中的每个数组,这样我就可以将它们与我的数据库匹配并作为汽车名称而不是数字回显?
- 将您需要的值映射到新数组
- 在
IN 子句 中使用适当数量的 ? 参数构建准备好的语句
- 将值数组绑定到您的语句
- 执行并获取
$carIds = array_map(function($userArr) {
return $userArr['car']['carModel'];
}, $post['sessionResult']['leaderBoardLines']);
// [ 19, 1, 15 ]
$placeholders = implode(', ', array_fill(0, count($carIds), '?'));
// "?, ?, ?"
$bindTypes = str_repeat('i', count($carIds));
// "iii"
$stmt = $conn->prepare(
"SELECT `carID`, `carName` FROM `cars` WHERE `carID` IN ($placeholders)");
$stmt->bind_param($bindTypes, ...$carIds);
$stmt->execute();
$stmt->bind_result($carId, $carName);
$carNames = [];
while ($stmt->fetch()) {
$carNames[$carId] = $carName;
}
var_dump($carNames);
正在使用您的代码...
include "includes/dbh.inc.php";
$data = file_get_contents("dumps/datadump-hung1.json");
$post = json_decode($data, true);
$carname = [];
foreach($post['sessionResult']['leaderBoardLines'] as $userArr){
$carname[] = $userArr['car']['carModel'];
}
$carnames = implode(',', $carname);
echo $carnames;
那么在查询数据库的时候用你下面的语句,就可以使用impleded值(但是这必然会受到sql注入攻击)。您应该改用参数化查询。但是,我不会更改您的太多代码,因此您可以看到发生了什么。
$carGETdb = "SELECT carName FROM cars WHERE carID IN ($carnames)";
$result = mysqli_query($conn, $carGETdb);
$row = mysqli_fetch_array($result)["carName"];
echo $row;
include "includes/dbh.inc.php";
$data = file_get_contents("dumps/datadump-hung1.json");
$post = json_decode($data, true);
foreach($post['sessionResult']['leaderBoardLines'] as $userArr){
$carname .=$userArr['car']['carModel'];
} echo $carname;
这呼应了这样的汽车型号 = 19115 而不是 19 1 15
当我尝试将这些与我的数据库相匹配以回显汽车名称时,数字响应为:
$carGETdb = "SELECT carName FROM cars WHERE carID IN ($carname)";
$result = mysqli_query($conn, $carGETdb);
$row = mysqli_fetch_array($result)["carName"];
echo $row;
它没有发布任何内容,因为没有汽车与 19115 相关联,但有 3 辆不同的汽车与 19、1 和 15 相关联
有没有办法 foreach 单曲中的每个数组,这样我就可以将它们与我的数据库匹配并作为汽车名称而不是数字回显?
- 将您需要的值映射到新数组
- 在
IN子句 中使用适当数量的 - 将值数组绑定到您的语句
- 执行并获取
? 参数构建准备好的语句
$carIds = array_map(function($userArr) {
return $userArr['car']['carModel'];
}, $post['sessionResult']['leaderBoardLines']);
// [ 19, 1, 15 ]
$placeholders = implode(', ', array_fill(0, count($carIds), '?'));
// "?, ?, ?"
$bindTypes = str_repeat('i', count($carIds));
// "iii"
$stmt = $conn->prepare(
"SELECT `carID`, `carName` FROM `cars` WHERE `carID` IN ($placeholders)");
$stmt->bind_param($bindTypes, ...$carIds);
$stmt->execute();
$stmt->bind_result($carId, $carName);
$carNames = [];
while ($stmt->fetch()) {
$carNames[$carId] = $carName;
}
var_dump($carNames);
正在使用您的代码...
include "includes/dbh.inc.php";
$data = file_get_contents("dumps/datadump-hung1.json");
$post = json_decode($data, true);
$carname = [];
foreach($post['sessionResult']['leaderBoardLines'] as $userArr){
$carname[] = $userArr['car']['carModel'];
}
$carnames = implode(',', $carname);
echo $carnames;
那么在查询数据库的时候用你下面的语句,就可以使用impleded值(但是这必然会受到sql注入攻击)。您应该改用参数化查询。但是,我不会更改您的太多代码,因此您可以看到发生了什么。
$carGETdb = "SELECT carName FROM cars WHERE carID IN ($carnames)";
$result = mysqli_query($conn, $carGETdb);
$row = mysqli_fetch_array($result)["carName"];
echo $row;