PHP MYSQL 无法执行查询:未知列 [英] PHP MYSQL Couldn't execute query: Unknown column

问题描述

请帮我解决这个问题.第一个查询将返回一条消息，说明

Please help me to figure out this. The first query would return a message saying that

Couldn't execute query: Unknown column 'ssd23' in 'where clause.

ssd23 是 $_POST 将从 html 表单中获取的 pnumber 值.但是，如果只有数字，它会起作用.

ssd23 is the value the $_POST will get for the pnumber from a html form. However, it would work if there are only digits.

$result = mysqli_query($con, "DELETE FROM Tools WHERE PartNumber = {'$_POST['pnumber']'}") or die ("Couldn't execute query: " .mysqli_error($con));

下面的第二个查询在使用变量后可以处理数字和字符.

This second query below would work with both digits and characters after using a variable.

$test = $_POST['pnumber'];                  
$result = mysqli_query($con, "DELETE FROM Tools WHERE PartNumber = '$test'") or die ("Couldn't execute query: " .mysqli_error($con)); 

推荐答案

替换为:

$result = mysqli_query($con, "DELETE FROM Tools WHERE PartNumber = {'$_POST['pnumber']'}") or die ("Couldn't execute query: " .mysqli_error($con));

有了这个:

$result = mysqli_query($con, "DELETE FROM Tools WHERE PartNumber = '" . $_POST['pnumber'] ."'") or die ("Couldn't execute query: " .mysqli_error($con));

注意我没有处理上面的sql注入

更好的是使用可以保护您的查询的准备语句，在您的情况下，它将是这样的:

Even better is to use prepare statements that will secure your querys, in your case it will be something like this:

$sql= 'DELETE FROM Tools WHERE PartNumber= ?';      

$stmt = $con->prepare($sql); 
$stmt->bind_param('i', $_POST['pnumber']);
$stmt->execute();

这篇关于PHP MYSQL 无法执行查询:未知列的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！