我想在SQL查询的WHERE位内列出for语句的所有结果($photosToPromote[$ I])。
此时,for语句输出结果的文本列表,如果在前一页上只选择了一张照片,则SQL将拾取$photosToPromote中的1。如果选择了不止一张照片,那么FOR语句会列出它们,但是SQL不会找到它们并显示这些图像。
我需要使用mysql_real_escape_string之前把它放入SQL?我怎么也能做到呢?
$photosToPromote = $_POST['promotePhoto'];
if(empty($photosToPromote))
{
echo("<p class='"error'">You didn't select any photos so go back and start again!");
}
else
{
$N = count($photosToPromote);
echo("You selected $N photos(s): ");
for($i=0; $i < $N; $i++)
{
echo($photosToPromote[$i] . " ");
}
}
$queryUserPhotos = mysql_query("SELECT photoID FROM photos WHERE photoid='$photosToPromote[$i]' AND (auth = '5' OR auth = '2' OR auth = '4') ORDER BY auth DESC") or die("Something went wrong...please try this again later!");
while($resultUserPhotos = mysql_fetch_array($queryUserPhotos)){
<img src='"/$imgpath/$resultUserPhotos[photoID].jpg'" alt='"Your Photo'"/>
}
你可以试试这个吗:
$c = '';
foreach ($photosToPromote as $p) {
$c .= " photoid=$p OR ";
}
$c .= '1=2';//false condition to close $c by a condition never true
$q = "SELECT photoID FROM photos WHERE ( $c ) AND (auth = '5' OR auth = '2' OR auth = '4') ORDER BY auth DESC";
$queryUserPhotos = mysql_query($q) or die("Something went wrong...please try this again later!");