我之前确实发过一篇文章,但无法正确解释我的问题,也无法解决它。这就是我所拥有的。
$shoutlines = file($shout_file);
$aTemp = array();
foreach($matches['user'] as $user) {
$aTemp[] = "'" . $user . "'";
}
$user = implode(",", $aTemp);
$rara = "SELECT * FROM accounts WHERE username IN ( $user )"; // Tried this statment both as a query and prepared statement
$getlevel = $db->query("SELECT * FROM accounts WHERE username IN '( ".$user." )'"); // Tried this both as a query and prepared statement
//$getlevel->bind_param('s', $user);
//$getlevel->execute();
//$level = $getlevel->get_result();
//$getlevel->store_result();
while($getdb = $getlevel->fetch_assoc()){
//output the html
for($i = 0; $i < (1000); $i++)
{
if(isset($shoutlines[$i]))
{
$shoutline = preg_replace('/<\/div>\n/', ' ', $shoutlines[$i], 1);
echo showSmileys($shoutline) . "<div class='delete'><a href='javascript: delete_shoutline({$i});' title='Delele'>delete</a></div></div>";
}
}
}
我有一个for
while
内循环如果我移动for
,循环将不会在其中运行while
之外的循环它工作正常,但我需要它在 while
循环检查用户的帖子标题、能力等,这些信息保存在我的数据库中。我已经展示了到目前为止我在识别问题时所做的尝试,如果查询、绑定(bind)或执行未显示 true,我尝试消除错误,但现在得到了命中。此代码已被删除,因此对于您的阅读能力来说不会有太多困惑,对此的任何帮助将不胜感激。
最佳答案
当“爆炸”用户名时,您需要将每个用户名用引号引起来,而不是整个用户名。还要确保名称对于数据输入来说是安全的。
$aTemp = array();
foreach($matches['user'] as $user) {
$aTemp[] = '"' . mysql_real_escape_string($user) . '"';
}
$user = implode(",", $aTemp);
然后使用第一个查询:
"SELECT * FROM accounts WHERE username IN ( $user )";
<小时/>
编辑:添加错误检查:
$getlevel = $db->query("SELECT * FROM accounts WHERE username IN ( $user )");
if ($getlevel == false) {
// Normally you'll build into a function or class, but this is the simple example
// Never output SQL errors on a live site, but log to file or (if you can do it safely) the database.
echo 'Whoopsie<br />';
var_dump($db->errorInfo());
exit();
}
关于php - While 循环拒绝工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13794688/