我想在我的数据库中搜索一些用户名,如下所示->
$skip = $_POST['username'];
$_SESSION['skip_user'] = array();
array_push($_SESSION['skip_user'],$skip);
$str = $_SESSION['skip_user'];
$string = rtrim(implode(',', $str), ',');
现在字符串变量看起来像"name1,name2,name3";
mysqli_query($db, "SELECT * FROM users WHERE username in ({$string}) ORDER BY id DESC");
这会获取用户,但我不想要这些用户。我的意思是,有没有任何问题可以让我写WHERE username !in ({$string})
!
获取除"名称1,名称2,名称3"之外的所有用户这些用户
现在添加NOT IN后,我收到错误
mysqli_query($db, "SELECT * FROM users WHERE username NOT IN ({$string}) ORDER BY id DESC")or die(mysqli_error($db)); php is giving error Unknown column 'name1' in 'where clause'
在SQL查询中尝试NOT IN
。
不过,首先尝试将引号添加到sql查询的NOT IN
部分中尝试的值中。
$str = '';
foreach ($_SESSION['skip_user'] AS $word) {
$str .= "'$word',";
}
$str = rtrim($str, ',');
然后在查询中使用此$str
。另外,试着养成用"作为列名的习惯,比如:
SELECT `SOMETHING` FROM `TABLE_NAME` WHERE <CONDITION>
我希望这能有所帮助!
您应该使用NOT IN
来排除某些值。
mysqli_query($db, "SELECT * FROM users WHERE username NOT IN ('name1', 'name2') ORDER BY id DESC");
是的,只需键入"not"而不是"!"
从垃圾不在的表中选择*('item1','item2','item3');
1) 虽然你没有在内爆中添加报价,但你还有一些其他问题:
// you need quotes here
$string = implode("','", $str);
// And here
mysqli_query($db, "SELECT * FROM users WHERE username in ('{$string}') ORDER BY id DESC");
然而,这才是真正应该做的事情。
2) 您应该绑定您的参数,因为您对SQL注入持开放态度:
$params = array();
$params[0] = "";
$sql = "SELECT * FROM users WHERE username NOT IN (";
foreach($str as $s){
$params[0] .= "s";
array_push($params, $s);
$sql .= "?, ";
}
$sql = rtrim($sql, " ,").") ORDER BY id DESC";
$stmt = $conn->prepare($sql);
// this is the same as doing: $stmt->bind_param('s', $param);
call_user_func_array(array($stmt, 'bind_param'), $params);
// execute and get results
$stmt->execute();