问题描述

我想根据 url 字符串选择一些 id，但我的代码只显示第一个.如果我写手册，id 就很好用.

I want to select some id's based on url string but with my code it displays only the first. If i write manual the id's it works great.

我有一个这样的网址 http://www.mydomain.com/myfile.php?theurl=1,2,3,4,5 (ids)

I have a url like this http://www.mydomain.com/myfile.php?theurl=1,2,3,4,5 (ids)

现在在 myfile.php 我有我的 sql 连接和:

Now in the myfile.php i have my sql connection and:

$ids = $_GET['theurl'];(我得到 1,2,3,4,5)

如果我使用这个:

$sql = "select * from info WHERE `id` IN (1,2,3,4,5)";
$slqtwo = mysql_query($sql);
while ($tc = mysql_fetch_assoc($slqtwo)) {
    echo $tc['a_name'];
    echo " - ";
}

我得到了正确的结果.现在，如果我使用下面的代码，它就不起作用了:

I am Getting the correct results. Now if i use the code bellow it's not working:

$sql = "select * from info WHERE `id` IN ('$ids')";
$slqtwo = mysql_query($sql);
while ($tc = mysql_fetch_assoc($slqtwo)) {
    echo $tc['a_name'];
    echo " - ";
}

有什么建议吗?

推荐答案

插入时

"select * from info WHERE `id` IN ('$ids')"

使用您的 ID，您将获得:

with your IDs, you get:

"select * from info WHERE `id` IN ('1,2,3,4,5')"

...它将您的一组 ID 视为单个字符串而不是一组整数.

...which treats your set of IDs as a single string instead of a set of integers.

去掉IN子句中的单引号，像这样:

Get rid of the single-quotes in the IN clause, like this:

"select * from info WHERE `id` IN ($ids)"

另外，不要忘记您需要检查SQL 注入攻击.您的代码目前非常危险，并且存在严重数据丢失或访问的风险.考虑一下如果有人使用以下 URL 调用您的网页并且您的代码允许他们在单个查询中执行多个语句可能会发生什么情况:

Also, don't forget that you need to check for SQL Injection attacks. Your code is currently very dangerous and at risk of serious data loss or access. Consider what might happen if someone calls your web page with the following URL and your code allowed them to execute multiple statements in a single query:

http://www.example.com/myfile.php?theurl=1);delete from info;-- 

这篇关于从表中选择多个 ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！