开发者

Query posts based on author id

I have the current author id stored in $theauthorid I want to do a query based on the author id so I do this

query_posts('author=$theauthorid');

However it does not work unless I write the id manually. I know the id is stored correctly as I get the correct id when I echo it开发者_JAVA百科.


The correct way is to get the variable outside the quotes. This way you can use either single or double quotes.

query_posts( 'author=' . $theauthorid );


double quotes instead of single ones
(manual page with explanation)

query_posts("author=$theauthorid");

but the whole approach is quite suspicious and possible dangerous
I bet we have trivial SQL injection here

I'd make it rather

 query_posts("author", $theauthorid);

with taking field name from array and value sanitizing

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜