在 select 语句中使用变量编写不起作用 - writing with variables in select statement does not work?

writing with variables in select statement does not work?

本文关键字：变量不起作用 select 语句 | 更新日期: 2023-09-27

好的，这是我的代码：

<?php 
$cat1 = $_GET["cat1"];
$query = "SELECT DISTINCT cat2 FROM products WHERE cat1 = $cat1";
$result = mysqli_query($connection, $query);
if (!$result) {
die("Geen data beschikbaar");
}
while($category2 = mysqli_fetch_assoc($result)) {
echo "<a href='"#'">".$category2["cat2"]."</a><br />";
}
?>

我的网址是 http://www.websitename.com/category.php?cat1=Holland

显然这行不通，我不明白为什么。如果我删除语句中 WHERE 后面的变量并只填写"Holland"，效果很好。所以我在语法上做了一些不正确的事情？谢谢

$sql = "SELECT DISTINCT cat2"
    . " FROM products"
    . " WHERE cat1 = '" . mysqli_real_escape_string($connection, $cat1) . "'";

在字符串周围添加单引号，并对其进行转义以避免 sql 注入。