我正在查询我的数据库,recordID是一个int。当我回显$content['recordID']的值时,我有这行代码,它会打印出一个数值,但当我把它放在这里时,我会得到这个错误:
语法错误,意外的T_ENCAPSED_AND_WHITESPACE,应为T_STRING或T_VARIABLE或T_NUM_STRING。
但如果我用数值替换$content['recordID'],它可以正常工作
$sqlCommentAmount = "SELECT * FROM `info` WHERE `recordID` = $content['recordID']";
在[] 中省略''
... $content[recordID]";
请参阅文档示例#8:http://php.net/manual/en/language.types.string.php#language.types.string.parsing.simple
示例#8简单语法示例
<?php
$juices = array("apple", "orange", "koolaid1" => "purple");
echo "He drank some $juices[0] juice.".PHP_EOL;
echo "He drank some $juices[1] juice.".PHP_EOL;
echo "He drank some juice made of $juice[0]s.".PHP_EOL; // Won't work
echo "He drank some $juices[koolaid1] juice.".PHP_EOL;
(...)
上面的例子将输出:
He drank some apple juice.
He drank some orange juice.
He drank some juice made of s.
He drank some purple juice.
(...)
For anything more complex, you should use the complex syntax.
访问插值字符串中的关联数组值和对象属性需要在名称周围加上波浪形括号(大括号):
$sqlCommentAmount = "SELECT * FROM `info` WHERE `recordID` = {$content['recordID']}";
来源(PHP:字符串):
任何带有字符串表示的标量变量、数组元素或对象属性都可以通过此语法包含在内。只需以与字符串外部相同的方式编写表达式,然后将其封装在{和}中。
顺便说一句,你应该真正使用PDO,并编写这样的准备好的语句:
$sqlCommentAmount = "SELECT * FROM `info` WHERE `recordID` = :recordID;";
然后,您可以通过准备以下语句来绑定参数:
// ... initialize $db
$stmtCommentAmount = $db->prepare($sqlCommentAmount);
$stmtCommentAmount->bindValue(':recordID', $content['recordID'], PDO::PARAM_INT);
$stmtCommentAmount->execute();
对于原始代码,如果您完全确定$content是一个整数,则相对安全,但如果它是通过$_GET传入的(例如),则您的代码容易受到SQL注入的攻击。
双引号中的变量可能会导致问题。相反,我会尝试
$sqlCommentAmount = "SELECT * FROM info WHERE recordID = " .$content['recordID'];
或
$sqlCommentAmount = "SELECT * FROM info WHERE recordID = ${content['recordID']}";
$content['recordID']是您的问题。
我认为你需要去掉recordID周围的引号。