这个陈述在句法上是否正确:
$query = "SELECT matric_no session course_name
FROM main_table session
WHERE main_table.matric_no = '$_POST[matric_no]'
AND session.session_name = '$_SESSION[session]'
AND session.course_name = '$_SESSION[course_name]'";
$result = mysql_query($query) ;
$duplicates = mysql_num_rows($result);
if ($duplicates = 1) {
echo "you have dis in the database";
};
最佳答案
您不需要SELECT 中的所有信息来检查 session 是否在数据库中。
$matricNo = $_POST[matric_no];
$sessionName = $_ SESSION[session];
$courseName = $_ SESSION[course_name];
//here you should use mysql_real_escape_string() for security
//like this $matricNo = mysql_real_escape_string($matricNo);
$query = "SELECT m.matric_no
FROM main_table as m, session as s
WHERE m.matric_no = '$matricNo'
AND s.session_name = '$sessionName'
AND s.course_name = '$courseName'";
$result = mysql_query($query) or die (mysql_error());
$duplicates = mysql_num_rows($result);
if ($duplicates > 0) {
echo "you have dis in the database";
};
关于php - 我的选择语句正确吗,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8199813/