Question

第一个php

$message=$_POST['message'];      
$STH = $DBH->prepare("SELECT m.title,p.id,p.paid,s.time,bs.seat FROM `booked_seats` bs,`movie` m,`payment` p,`booking` b,`show` s WHERE bs.booking_id=b.id and m.id=s.movie_id and p.booking_id=b.id and b.show_id=s.id and p.id IN($message)");
    $STH->execute();
    $STH->setFetchMode(PDO::FETCH_ASSOC);

第二

$mess=$_POST['message'];         
$STH = $DBH->prepare("SELECT m.title,p.id,p.paid,s.time,bs.seat FROM `booked_seats` bs,`movie` m,`payment` p,`booking` b,`show` s WHERE bs.booking_id=b.id and m.id=s.movie_id and p.booking_id=b.id and b.show_id=s.id and p.id IN(:message)");
    $query_params = array(
    ':message' => $_POST['message']);

    $STH->execute($query_params);
    $STH->setFetchMode(PDO::FETCH_ASSOC);

让我说我的信息是“31,32,33,34”

当我运行第一个php时，我得到了正确的结果当我运行第二个时，我只获得了id 31的结果。有人向我解释这个吗？

似乎第二个选择就像SELECT .... p.id IN（'31,32,32'）第一个是SELECT .... p.id IN（31,32,32）。

Answer 1

这应该有效：

$STH->bindValue(':message', $mess, PDO::PARAM_STR);

$STH->execute();

Answer 2

试试这个：

$mess=$_POST['message'];         
$STH = $DBH->prepare("SELECT m.title,p.id,p.paid,s.time,bs.seat FROM `booked_seats` bs,`movie` m,`payment` p,`booking` b,`show` s WHERE bs.booking_id=b.id and m.id=s.movie_id and p.booking_id=b.id and b.show_id=s.id and p.id IN(:message)");
$query_params = array(
':message' => "'".$_POST['message']."'");

$STH->execute($query_params);
$STH->setFetchMode(PDO::FETCH_ASSOC);

困惑于$ _POST

2 个答案: