dougang1967
dougang1967
2013-05-21 21:59

如何在Inner Join MYSQL查询中使用PHP变量?

已采纳

I have been trying for the past day to get mysql to recognize my PhP variable, but I have had no luck so far.

The code:

...connect to db...
session_start();
//Calls up Session stored variable
$currentUsr= $_SESSION['username'];
//SQL Query
$sql= 'SELECT Users.Username, books.* FROM Users
       INNER JOIN UserLinkBooks lb
       ON Users.Username = lb.Username
       INNER JOIN Books
       ON lb.bkTitle = books.Title
       WHERE Users.Username = "$currentUsr"';
$result=mysqli_query($conn,$sql);                                                                
//Error Check
if (!$result) {                                                                                   
   printf("Error: %s
", mysqli_error($conn)); 
   exit();}
//display row
while($row=mysqli_fetch_array($result)){                                                                                                        
    echo "<strong>".$row['Title']."</strong>".$row['Description']."</br>";}   

My issue is that the $currentUsr is not properly calling the username that was passed. After doing an error check on it, it seems to be empty.

What I do not understand is that when I use the code :

$sql = "SELECT * FROM Users WHERE `Username`='$currentUsr'";

The variable is processed and works fine, calling up the book title's and description perfectly. Also, if I manually type in: WHERE Users.UserName = "Bill"'; It works fine.

Some of the other errors I've gotten from various attempts are:

  WHERE Users.UserName = '.'$currentUsr';
  Error: Unknown column '$currentUsr' in 'where clause'

or

  WHERE Users.UserName = '.$currentUsr;  
  Error:  Unknown column 'Bill' in 'where clause'

Any help would be greatly appreciated. Thanks

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

3条回答

  • dpf7891 dpf7891 8年前

    Your variable is in a single quoted string, preventing interpolation. You can try:

    $sql = "SELECT Users.Username, books.* FROM Users
            INNER JOIN UserLinkBooks lb
            ON Users.Username = lb.Username
            INNER JOIN Books
            ON lb.bkTitle = books.Title
            WHERE Users.Username = '" . $currentUsr ."'";
    

    Using concatenation makes the code more readable in my opinion. Having said that, you should look into using parameterized queries as they cut down on injection issues. Mysqli has such capabilities.

    点赞 评论 复制链接分享
  • dpwdsmbvm496180204 dpwdsmbvm496180204 8年前

    If you use double quotes, then put your variables in curly braces - else use Concatinatoin with the dot.

    点赞 评论 复制链接分享
  • duandeng2011 duandeng2011 8年前

    When you're using variables inside strings, you should put these strings within double, not single quotes, otherwise the variables are not replaced with their values.

    Also check this question: What is the difference between single-quoted and double-quoted strings in PHP?

    点赞 评论 复制链接分享

相关推荐