檢查SQL數據庫的值

Question

我想用php來檢查我的數據庫，看看是否存在一個值。我的主要目標就是利用這個值

$_GET['UDID'] 

，如果它等於在數據庫中的任何值將返回

echo 'FOUND'; 

我使用這個代碼：

<?php 

$servername = "*****"; 
$username = "*****"; 
$password = "*****"; 
$dbname = "*****"; 
$connect = new mysqli($servername, $username, $password, $dbname); 
if ($connect->connect_error) { 
    die("CONNECTION FAILED: " . $connect->connect_error); 
} 

$udid = $_GET['UDID']; 
$id = mysqli_real_escape_string($connect, $udid); 

$result = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '$id'"); 

if($result === FALSE) { 
    die("ERROR: " . mysqli_error($result)); 
} 
else { 
    while ($row = mysqli_fetch_array($result)) { 
      if($row['udid'] == $udid) { 
       $results = 'Your device is already registered on our servers.'; 
       $results2 = 'Please click the install button below.'; 
       $button = 'Install'; 
       $buttonlink = 'https://**link here**'; 
      } 
      else { 
       $results = 'Your device is not registered on our servers'; 
       $results2 = 'Please click the request access button below.'; 
       $button = 'Request Access'; 
       $buttonlink = 'https://**link here**'; 
      } 
    } 
} 

?> 

但由於某種原因，它不能正常工作，我相信我正在尋找一些東西。非常感謝您的幫助。

Answer 1

試試這個：

$sql = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '" .$udid. "'"); 

而且也確保從 'GET' 的值設置爲$ UDID。應該是這樣的：

$udid = $_GET['UDID']; 

我們可以使用mysqli_fetch_array（）來取得結果行。我還包括錯誤處理。現在，你的代碼必須是這樣的：

$udid = $_GET['UDID']; 
$id = mysqli_real_escape_string($connect, $udid); 

$result = mysqli_query($connect, "SELECT `udid` FROM `wmaystec_WMT-SS`.`data` = '$id'"); 

if($result === FALSE) { 
    die(mysqli_error("error message for the user")); //error handling 
} 
else { 
    while ($row = mysqli_fetch_array($result)) { 
      echo "FOUND :" .$row['thefieldnameofUDIDfromyourDB']; 
    } 
} 

Answer 2

我建議你先逃避串，使用mysqli_real_escape_string功能，然後調用SQL查詢。

$udid = mysqli_real_escape_string($connect, $udid); 
$sql = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '$udid'");