如何將來自用戶php的輸入與MySQL的輸入進行比較

Question

我在教自己的php和MySQL，現在我有一個MySQL問題。

我想比較用戶輸入的電話號碼與MYSQL中的電話號碼，以及是否在MYSQL中不再註冊。

我的代碼：

<?php 

require_once 'connection/connection.php'; 

// Variables from HTML to php 
$worker_Name = $_POST['workerNameFromHtml']; // worker Name 
$worker_City = $_POST['workerCityFromHtml']; // workerCity 
$worker_career = $_POST['workerCareerFromHtml']; // worker career 
$worker_PhoneNumber = $_POST['workerPhonNumberFromHtml']; // worker Phone Number 
$worker_SecondPhoneNumber = $_POST['workerSecondPhoneNumberFromHtml']; // worker Second Phone Number 
$submt=$_POST['submitFromHtml']; 

if($submt){ 

    $qry = ("SELECT workrPhoneNumber FROM workersTable WHERE workrPhoneNumber = '$worker_PhoneNumber'") or die(mysql_error()); 
    $result = $connect->query($qry); 
    $num = $result->num_rows; 

    if ($num == 1) { 
    $here = "INSERT INTO workersTable VALUES('','$worker_Name','$worker_City','$worker_career','$worker_PhoneNumber','$worker_SecondPhoneNumber')"; 
    $query = $connect->query($here); 
    print "Successfully added!"; 
    } 
    else {print "This number has already been entered Thank you for your cooperation!";}} 

$connect->close(); 

到目前爲止，我還沒有找到一個解決這個問題。

Answer 1

這裏你最大的問題是你試圖在字符串中包含變量。

"SELECT workrPhoneNumber FROM workersTable WHERE workrPhoneNumber = '$worker_PhoneNumber'" 

如果你想這樣做，你需要連接你的變量和你的字符串。

"SELECT workrPhoneNumber FROM workersTable WHERE workrPhoneNumber = '".$worker_PhoneNumber."'" 

請記住，如果您這樣做，您將首先要清理變量以防止SQL注入。此外，當您插入變量，你真的想使用一份聲明中這樣的：

"INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)" 

，其中第一組值是在數據庫和第二組的列的名稱是你的PHP變量，你正在投入。