我在 MySQL 中包含 php 变量的语法是否正确 - Is my syntax of including php variable in MySQL is correct?

Is my syntax of including php variable in MySQL is correct?

这是我的代码：

  $international_categories = $_GET['international_categories'];
      $query = "SELECT * 
      FROM 
        tourDB
      WHERE 
        categories LIKE '$international_categories'";
  $result = mysql_query( $query ) or die ( mysql_error() );
  if ( $result !== false && mysql_num_rows($result) > 0 ) {
    while ( $ilist = mysql_num_rows( $result ) > 0)  {
        $tour_id             = stripslashes( $ilist[ 'tour_id' ] );
        $tour_type           = stripslashes( $ilist[ 'tour_type' ] );
        $tour_name           = stripslashes( $ilist[ 'tour_name' ] );
        $day                 = stripslashes( $ilist[ 'day' ] );
        $nights              = stripslashes( $ilist[ 'nights' ] );
        $tour_price          = stripslashes( $ilist[ 'tour_price' ] );
        $overview            = stripslashes( $ilist[ 'overview' ] );
        $itinerary           = stripslashes( $ilist[ 'itinerary' ] );
        $terms_conditons     = stripslashes( $ilist[ 'terms_conditons' ] );
        $inclusions          = stripslashes( $ilist[ 'inclusions' ] );
        $exclusions          = stripslashes( $ilist[ 'exclusions' ] );
        $twin_triple_sharing = stripslashes( $ilist[ 'twin_triple_sharing' ] );
        $single_occcupancy   = stripslashes( $ilist[ 'single_occcupancy' ] );
        $child_with_no_bed   = stripslashes( $ilist[ 'child_with_no_bed' ] );
        $inf_below           = stripslashes( $ilist[ 'inf_below' ] );
        $pricing_details     = stripslashes( $ilist[ 'pricing_details' ] );
        $url                 = stripslashes( $ilist[ 'url' ] );
        $international_list_cat .= <<<INTERNATIONAL_LIST_CAT
        <!-- html output -->
       INTERNATIONAL_LIST_CAT;
    }
else {
    $international_list_cat = <<<INTERNATIONAL_LIST_CAT
    <!-- html output -->
    INTERNATIONAL_LIST_CAT;
}

我试图缩短"类别"列的值为"$international_类别"的行

$international_categories = $_GET['international_categories']的值也有空格，尽管我在这里得到了$_GET['international_categories']，但MySQL没有整理其"类别"列中具有$_GET['international_categories']值的行。

转换

while ( $ilist = mysql_num_rows( $result ) > 0)  {

自

while ( $ilist = mysql_fetch_array( $result ))  {

感谢巴马尔警告我。

但正如其他一些用户所评论的那样，MySQL已被弃用，并且极易受到SQL注入攻击。你可以使用PDO或MySQLi。我更喜欢MySQLi，我会将您的代码转换为以下内容：

//Define a mysqli variable to use for database connections
$mysqli->new mysqli(host, user, password, dbname);
$international_categories = $_GET['international_categories'];
//Add other columns into query or use *
$query = $mysqli->prepare("SELECT tour_id, tour_type FROM tourDB WHERE categories=?");
//Now we are inserting our external variable into our query
$query->bind_param("i", $international_categories);
$query->execute();
//Now we are declaring variables in order to fetched columns in our SELECT query.
//Add other columns into next line.
$query->bind_result($tour_id, $tour_type);
while($query->fetch())
{
    $international_list_cat .= <<<INTERNATIONAL_LIST_CAT
        <input type="text" value="$tour_type" />
<!-- html output -->
INTERNATIONAL_LIST_CAT;
}
//Now close connection
$query->close();

while ($ilist = mysql_num_rows($result) > 0) {

应该是：

while ($ilist = mysql_fetch_assoc($result)) {