// Fetch every accepted connection (type 1) of the current user.
$FSQL = $pdo->query('SELECT * FROM `connections` WHERE `uid`="'.$my_id.'" && `type`="1" ORDER by `id` DESC');
// Build a WHERE clause that matches my own posts plus one OR term per connection.
$myfriends = '`uid`="'.$my_id.'" ';
while($po = $FSQL->fetch(PDO::FETCH_ASSOC)){
    $myfriends .= ' || `uid`="'.$po['cid'].'"';
}
// Run the post query with the concatenated clause and the limit.
$dsk = $pdo->query("SELECT * FROM `posts` WHERE ".$myfriends." ORDER by `id` DESC LIMIT ".$limitCount);
I've been trying to build a nice post stream and I finally got my code down. But if you have a large number of connections (from friends, pages, events, any connection), it seems very inefficient.
Can anyone tell me whether there is a better way to do this? By the way: this already works fine, but I feel I'm going to run into problems.
$FSQL = $pdo->query('SELECT * FROM `connections` WHERE `uid`="'.$my_id.'" && `type`="1" ORDER by `id` DESC');
is vulnerable to SQL injection. You should use parameters and prepared statements. See the documentation.
Working example
// Create the SQL statement, with the parameter prefixed by a ":".
$sql = $pdo->prepare('SELECT * FROM `table` WHERE `uid`=:uid');
// Grab the value you wish to bind to your parameter.
$userID = "username";
// Bind the value, using the bindParam method.
$sql->bindParam(':uid', $userID);
// Execute the statement with the parameters bound to the SQL query.
$sql->execute();
Don't you want to use a subquery? Like this...
// The PHP string is single-quoted so the double quotes inside the SQL do not
// terminate it. $my_id and $limitCount are still concatenated into the SQL
// here, so this still has the injection problem the other answer points out.
$dsk = $pdo->query(
    'SELECT *
     FROM `posts`
     WHERE `uid` IN (
         SELECT `cid`
         FROM `connections`
         WHERE `uid`="' . $my_id . '" && `type`="1"
     )
     ORDER BY `id` DESC LIMIT ' . $limitCount);
Try not to use * when you don't need all the fields.
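Putting the two answers together (the subquery from the second answer, the prepared statement from the first), the feed query can take `$my_id` and `$limitCount` as bound parameters instead of concatenating them. The block below is an added example, not code from the question or either answer. It assumes the same two tables as the question (`connections` with `uid`, `cid`, `type`; `posts` with `id`, `uid`, plus a `body` column added here for illustration) and, unlike the second answer, keeps the asker's own posts in the feed. It runs against an in-memory SQLite database with constructed sample rows so it is self-contained; the SQL uses `AND` and backtick identifiers, which both SQLite and MySQL accept.

```php
<?php
// Added example: the feed query as a PDO prepared statement with bound parameters.

function makeDb(): PDO {
    // In-memory SQLite stands in for the MySQL database of the question.
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // On MySQL, turning emulation off makes the server do the binding, so
        // LIMIT :lim works with an integer parameter. SQLite ignores the flag.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $pdo->exec('CREATE TABLE `connections` (`id` INTEGER PRIMARY KEY, `uid` INTEGER, `cid` INTEGER, `type` INTEGER)');
    $pdo->exec('CREATE TABLE `posts` (`id` INTEGER PRIMARY KEY, `uid` INTEGER, `body` TEXT)');
    // Constructed sample data: user 1 has accepted connections (type 1) to 2 and 3;
    // the row for 4 is a different type and must not feed posts into the stream.
    $pdo->exec('INSERT INTO `connections` (`uid`, `cid`, `type`) VALUES (1,2,1),(1,3,1),(1,4,2)');
    $pdo->exec("INSERT INTO `posts` (`uid`, `body`) VALUES (1,'mine'),(2,'from 2'),(4,'from 4'),(3,'from 3'),(5,'stranger')");
    return $pdo;
}

// Returns the newest $limit posts by $myId or by $myId's accepted connections.
function feedPosts(PDO $pdo, int $myId, int $limit): array {
    // Explicit columns instead of *, and every variable is a placeholder.
    // The user id appears twice; native MySQL prepares reject reusing one
    // named placeholder, so two names are bound to the same value.
    $sql = 'SELECT `id`, `uid`, `body`
            FROM `posts`
            WHERE `uid` = :me
               OR `uid` IN (SELECT `cid` FROM `connections`
                            WHERE `uid` = :me2 AND `type` = 1)
            ORDER BY `id` DESC
            LIMIT :lim';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':me',  $myId, PDO::PARAM_INT);
    $stmt->bindValue(':me2', $myId, PDO::PARAM_INT);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: the feed for user 1 contains posts by users 1, 2 and 3 only.
print_r(feedPosts(makeDb(), 1, 10));
```

With the sample rows above the call returns the posts with ids 4, 2 and 1 (from users 3, 2 and 1, newest first); the posts from user 4 (not an accepted connection) and user 5 (no connection) are excluded. Because `$myId` and `$limit` are bound with `PDO::PARAM_INT`, a value such as `1" || "1"="1` can no longer change the query's structure: it is either rejected by the `int` type declaration or sent to the server as data, not SQL.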