dongying9712 2013-09-10 11:56

SQL comments and array elements in PHP

This is my first question on this site; I hope that someone will help me here.

I have an investor table with some fields and a project table with some files.

Project table
---------------------
project_investor_id     1,26,29,30,39,48

The data is stored as comma-separated values. So in my investor admin area I want to show particular projects for the logged-in investor. I am using this function.

public function list_all_projects_by_userid($uid)
{
    $rs = mysql_query("select * from project_table WHERE project_investor_id LIKE '$uid' ORDER BY project_id DESC");
    // Collect each matching row into the result array
    $result = array();
    $i = 0;
    while ($row = mysql_fetch_assoc($rs)) {
        $result[$i]['project_id'] = $row['project_id'];
        $result[$i]['project_investor_id'] = $row['project_investor_id'];
        $result[$i]['project_name'] = $row['project_name'];
        $result[$i]['project_location'] = $row['project_location'];
        $result[$i]['project_phase'] = $row['project_phase'];
        $result[$i]['project_capital'] = $row['project_capital'];
        $result[$i]['project_notes'] = $row['project_notes'];
        $result[$i]['project_file'] = $row['project_file'];
        $i++;
    }
    return $result;
}

But it's not working with projects that have multiple investors. Please let me know how to recode this.

Thank You


  • dongwen3093 2013-09-10 12:02

    Normally, you should have another mapping table for such things. And use joins to do a search.

    If you want to make your approach work, you should change your SQL request like this:

     $rs = mysql_query("select * from  project_table WHERE project_investor_id LIKE '%$uid%'  ORDER BY project_id DESC"); 
    

    See % symbols added before and after $uid. It should work fine with that.

    Also, remember about SQL injections! You must escape your input. With mysql_* you can do it like this:

     $rs = mysql_query("select * from  project_table WHERE project_investor_id LIKE '%".mysql_real_escape_string($uid) . "%'  ORDER BY project_id DESC"); 
    

    Function to escape: mysql_real_escape_string. Also, read carefully what is shown in the warning section of the linked page.

    But still, you had better put the list of project investors into a different table. It should be something like this:

    Project table
    -------------
    pr_id    pr_name
    
    
    project investors map table
    ----------------------------
    pr_id         investor_id
     1              1
     1              26
     1              29
    

    And then, your request will be like:

    // Join on the project id; the escaped value is quoted, because escaping only protects inside quotes
    $rs = mysql_query("select * from project_table as pt join project_investor_map as pi on pt.pr_id = pi.pr_id WHERE pi.investor_id = '".mysql_real_escape_string($uid) . "' ORDER BY pt.pr_id DESC");
    

    which will take all projects of some investor.

    This answer was selected by the asker as the best answer.
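
Added example, not code from either poster: a self-contained PHP script that contrasts the `LIKE '%…%'` search on the comma-separated column, where investor 1 is also found inside 11 and 21, with an exact lookup through the map table using a validated, bound integer. Since the `mysql_*` functions were removed in PHP 7, PDO with an in-memory SQLite database (the `pdo_sqlite` extension) is swapped in; the sample rows, the `pim` alias and the function names `projects_by_like` and `projects_by_map` are assumptions.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE project_table (pr_id INTEGER PRIMARY KEY, pr_name TEXT, project_investor_id TEXT)");
$db->exec("CREATE TABLE project_investor_map (pr_id INTEGER, investor_id INTEGER, PRIMARY KEY (pr_id, investor_id))");

// Constructed sample data: the comma-separated column and the same links as map rows.
$projects = [1 => ['Harbour', '1,26,29'], 2 => ['Orchard', '11,30'], 3 => ['Quarry', '21,39,48']];
$insProject = $db->prepare("INSERT INTO project_table VALUES (?, ?, ?)");
$insLink = $db->prepare("INSERT INTO project_investor_map VALUES (?, ?)");
foreach ($projects as $prId => [$name, $csv]) {
    $insProject->execute([$prId, $name, $csv]);
    foreach (explode(',', $csv) as $investor) {
        $insLink->execute([$prId, (int) $investor]);
    }
}

// Substring search on the CSV column: the pattern %1% is also found inside "11" and "21".
function projects_by_like(PDO $db, string $uid): array
{
    $st = $db->prepare("SELECT pr_id, pr_name FROM project_table
                        WHERE project_investor_id LIKE ? ORDER BY pr_id DESC");
    $st->execute(['%' . $uid . '%']);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Exact lookup through the map table: validate the id, then bind it as an integer.
function projects_by_map(PDO $db, string $uid): array
{
    $id = filter_var($uid, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];   // not an integer: the value never reaches the query
    }
    $st = $db->prepare("SELECT pt.pr_id, pt.pr_name FROM project_table AS pt
                        JOIN project_investor_map AS pim ON pim.pr_id = pt.pr_id
                        WHERE pim.investor_id = ? ORDER BY pt.pr_id DESC");
    $st->bindValue(1, $id, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

foreach (['1', '1 OR 1=1'] as $uid) {   // constructed inputs
    printf("uid=%s like=%d map=%d\n", $uid,
        count(projects_by_like($db, $uid)), count(projects_by_map($db, $uid)));
}
```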