正如我以前所提到的,任何php网站中最重要的部分有99%的可能是数据库。因此,你需要非常熟悉如何正确的使用sql。学会关联表和更多高级技术。下面我将展示一个使用MySQL的函数示例,并使用本文第7条函数进行审查。
private function getSentMessages($id)
{
$this->util->sanitizeInput($id);
$pm_table = $GLOBALS['config']['privateMsg'];
$users = $GLOBALS['config']['users'];
$sql = "SELECT PM.*, USR.username as name_sender FROM $pm_table PM, $users USR
WHERE id_sender = '$id' AND sender_purge = FALSE AND USR.id = PM.id_receiver AND
is_read = TRUE
ORDER BY date_sent DESC";
$result = $this->dbQueryAll($sql);
return $result;
}
首先,我们对用户输入进行检查(通过一个GET变量传递消息id),然后我们执行我们的SQL命令。注意这儿SQL的用法。你需要了解如何使用别名和关联表。
private function getSentMessages($id)
{
$this->util->sanitizeInput($id);
$pm_table = $GLOBALS['config']['privateMsg'];
$users = $GLOBALS['config']['users'];
$sql = "SELECT PM.*, USR.username as name_sender FROM $pm_table PM, $users USR
WHERE id_sender = '$id' AND sender_purge = FALSE AND USR.id = PM.id_receiver AND
is_read = TRUE
ORDER BY date_sent DESC";
$result = $this->dbQueryAll($sql);
return $result;
}
首先,我们对用户输入进行检查(通过一个GET变量传递消息id),然后我们执行我们的SQL命令。注意这儿SQL的用法。你需要了解如何使用别名和关联表。
