以下是我的users
表:
uid (main) | username | password
1 | Admin | "(actual password removed)"
2 | Dummy | "(another password removed)"
我的MySQL查询如下:
SELECT * FROM `users` WHERE username = "Admin"
我的php代码是这样的:
$con=@mysqli_connect("localhost","root","root","database");
$sql='SELECT * FROM `users` WHERE username = "Admin"';
mysqli_prepare($con, $sql);
mysqli_query($con, $sql);
mysqli_close($con);
如果我在phpMyAdmin中运行此代码,那么它将成功返回第一行,但是如果我从php页面运行它,我会得到以下错误:
Fatal error: Problem preparing query (SELECT * FROM `users` WHERE username = "Admin") You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"Admin"'
你应该对变量而不是整个字符串使用prepare。MySQL正在将它们转义到更安全的替代品'
,当通过浏览器查看时看起来像'
。
查找MySQL Prepare并查看示例部分,了解如何使用
要使你的代码工作,你可以删除prepare,或者使prepare只应用于变量部分(在这种情况下没有附加变量?)
我不确定,但请尝试使用单引号
SELECT * FROM `users` WHERE username = 'Admin'
用户名字符串使用单引号。修改这个:-
$sql="SELECT * FROM `users` WHERE username = "Admin"";
$sql="SELECT * FROM `users` WHERE username = 'Admin' ";