EDIT: I had a typo in my original post....the issue is a bit more complicated...i had a variable passed in not a raw string.
我想从mysql数据库中打印出特定于某个人的故事:所以我有类似的代码:
$stuff ="jamie"
$query = "SELECT * FROM person_stories WHERE person =$stuff";
$result = mysql_query($query) or die ("didnt work");
while($row = mysql_fetch_array($result))
{
echo "<a href = 'PersonStoryPage.php?pid=$row[id]'>" .$row['title']. " </a>";
}
我一直说"没工作"。。。我知道我的表person_stories是空的,但这和错误是一样的吗?表显然不会总是空的,所以我需要能够使用这段代码来处理业务。
感谢您的帮助!
编辑2:实际错误为:
Unknown column 'jamie' in 'where clause'
这太奇怪了,因为它不应该将jamie解释为列!
您没有在jamie周围加单引号。试试这个:
$query = "SELECT * FROM person_stories WHERE person = 'jamie'"
编辑:
我看到这篇文章已经编辑过了。它现在应该从这个改变:
$stuff ="jamie"
$query = "SELECT * FROM person_stories WHERE person =$stuff";
类似的东西:
$stuff ="jamie"
$query = "SELECT * FROM person_stories WHERE person='" . mysql_real_escape_string($stuff) . "'";
这不仅可以解决您的SQL语法错误,还可以保护您的应用程序免受严重的SQL注入漏洞的攻击。
您需要引用person字段的条件值(注意jamie周围的撇号(:
$query = "SELECT * FROM person_stories WHERE person = 'jamie'";
编辑:
已更新以匹配您的更新。如果您使用的变量可能来自用户输入,那么您将希望使用mysql_real_escape_string来正确转义SQL查询的值(有助于防止SQL注入(。
$query = "SELECT * FROM person_stories WHERE person = '" . mysql_real_escape_string($stuff) . "'";
如果与字符串进行比较,则必须用"将其括起来
尝试更改
$query = "SELECT * FROM person_stories WHERE person =jamie";
至
$query = "SELECT * FROM person_stories WHERE person = 'jamie'";
在我看来,最好修改这一行:
echo "<a href = 'PersonStoryPage.php?pid=$row[id]'>" .$row['title']. " </a>";
至
echo "<a href = 'PersonStoryPage.php?pid=".$row['id']."'>" .$row['title']. " </a>";
您的查询中有一个错误。你少了双引号新杰米试试这个
$query='SELECT*FROM person_stories WHERE person="jamie"';