Is this the correct way to query 2 mysql tables with php and a $_POST variable?

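I have been trying to work out the best way to return orders from the database. I have come up with this, and it works the way I want (I think) and gives me the results I want, but I would like to know whether it is correct, or whether there is a better way.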

<?php
$conn = mysql_connect('', '', '');
if (!$conn)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db($dbs, $conn);
// Raw request value, interpolated into both queries below without escaping.
$Order_ID = $_POST['Order_ID'];
//$Order_ID = '1001';
$queryOrderHead = "SELECT * FROM Orders WHERE Order_ID = '$Order_ID' ";
$queryOrderLines = "SELECT *
    FROM Order_LineDetails
    WHERE Order_LineDetails.Order_ID = '$Order_ID'
";
// Order header first; the lines are only fetched if this query succeeds.
if ($queryRunHead = mysql_query($queryOrderHead)) {
    while ($info_HEAD = mysql_fetch_array($queryRunHead))
    {
        $OrderID_HEAD = $info_HEAD['Order_ID'];
        $User_ID_HEAD = $info_HEAD['User_ID'];
        $Customer_ID_HEAD = $info_HEAD['Customer_ID'];
        echo $OrderID_HEAD.' '.$User_ID_HEAD.' '.$Customer_ID_HEAD.'<br>';
    }
    // Order lines for the same Order_ID, from the second table.
    $queryRunLines = mysql_query($queryOrderLines);
    while ($info = mysql_fetch_array($queryRunLines))
    {
        $OrderID = $info['Order_ID'];
        $OrderLineID = $info['OrderLineItem_ID'];
        echo $OrderID.' '.$OrderLineID.'<br>';
    }
} else {
    echo mysql_error();
}
mysql_close($conn);
?>

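So what it does is take the Order_ID value from $_POST and run the first query; then, on success, it uses the same Order_ID, loops over the second query, and fetches all the Order_LineDetails from a different table.

Apart from the mysql_real_escape() tags....

Any suggestions or thoughts???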

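There is nothing wrong with selecting the order first and then the items. However, you could benefit from organizing the data into an array structure and from better naming conventions (for variables and the database schema), as follows: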

// order_id should be an INT, so no quotes.
// Cast it to int: mysql_real_escape_string() only escapes characters that matter
// inside a quoted string, so on its own it does not protect an unquoted value.
// Also look into parameterized queries with PDO as the mysql_* functions are archaic!
$orderId = (int) $_POST['order_id'];
$sqlOrder = "SELECT * 
             FROM orders 
             WHERE order_id = ".mysql_real_escape_string($orderId);
$order = array();
if ($resOrder = mysql_query($sqlOrder)) {
    if ($rowOrder = mysql_fetch_array($resOrder)) {
        $order = $rowOrder;
        // echo $rowOrder['order_id'].' '.$rowOrder['user_id'].' '.$rowOrder['customer_id']."<br />\n";
        $sqlOrderLines = "SELECT * 
                  FROM order_lines
                  WHERE order_lines.order_id = ".mysql_real_escape_string($orderId);
        if ($resOrderLines = mysql_query($sqlOrderLines)) {
            $order['order_lines'] = array();
            while ($rowOrderLines = mysql_fetch_array($resOrderLines)) {
                $order['order_lines'][] = $rowOrderLines;
                // echo $rowOrderLines['order_id'].' '.$rowOrderLines['order_line_id']."<br />\n";
            }
        }
    } else {
        echo 'Order not found';
    }
} else {
    echo mysql_error();
}
// debug
print_r($order);
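
The parameterized-query approach with PDO that the answer points to, as an added example that is not part of the original answer. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the rows are constructed, the function name fetchOrder is hypothetical, and the column names follow the answer's commented-out echo lines.

```php
<?php
// Added example. With MySQL only the DSN changes, e.g.
// new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass),
// and PDO::ATTR_EMULATE_PREPARES should be set to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and rows, named after the tables in the answer.
$pdo->exec('CREATE TABLE orders (order_id INTEGER PRIMARY KEY, user_id INTEGER, customer_id INTEGER)');
$pdo->exec('CREATE TABLE order_lines (order_line_id INTEGER PRIMARY KEY, order_id INTEGER)');
$pdo->exec('INSERT INTO orders VALUES (1001, 7, 42), (1002, 8, 43)');
$pdo->exec('INSERT INTO order_lines VALUES (1, 1001), (2, 1001), (3, 1002)');

/** Returns the order with its lines, or null if the id is invalid or unknown. */
function fetchOrder(PDO $pdo, $rawId): ?array
{
    // Reject anything that is not a positive integer before touching the database.
    $orderId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($orderId === false) {
        return null;
    }
    // The value is bound separately from the SQL text, so it cannot alter the query.
    $stmt = $pdo->prepare('SELECT order_id, user_id, customer_id FROM orders WHERE order_id = :id');
    $stmt->execute([':id' => $orderId]);
    $order = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($order === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT order_line_id, order_id FROM order_lines WHERE order_id = :id');
    $stmt->execute([':id' => $orderId]);
    $order['order_lines'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return $order;
}

// Constructed inputs standing in for $_POST['order_id']: valid, unknown, not an integer.
foreach (['1001', '9999', '1001 OR 1=1'] as $input) {
    $order = fetchOrder($pdo, $input);
    // htmlspecialchars() because the request value is echoed back into HTML output.
    echo htmlspecialchars($input), ' => ',
        $order === null ? 'Order not found' : count($order['order_lines']) . ' line(s)', "\n";
}
```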