显示数据从MYSQL; SQL语句错误 [英] Display Data From MYSQL; SQL statement error

查看:135
本文介绍了显示数据从MYSQL; SQL语句错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个form..want从mysql表显示数据。问题是,SQL查询语句不显示数据。我认为错误可能由于在SQL查询行中的AND语句orruring? 

 < form method =getaction =submit.php> 
 
卧室数量:< select name =bedrooms> 
< option selected value ='#'>  - 选择房间数 - < / option> 
< option value =2> 2< / option> 
< option value =3> 3< / option> 
< option value =4> 4< / option> 
< option value =5> 5< / option> 
< / select> 
 
 
占用者数量:< select name =sleeps_min> 
< option selected value ='#'>  - 选择房间数 - < / option> 
< option value =2> 2< / option> 
< option value =3> 3< / option> 
< option value =4> 4< / option> 
< option value =5> 5< / option> 
< option value =6> 6< / option> 
< option value =7> 7< / option> 
< option value =8> 8< / option> 
< option value =9> 9< / option> 
< option value =10> 10< / option> 
< / select> 
 
可用性:< select name =availability> 
< option selected value ='#'>  - 选择可用期 - < / option> 
< option value =All year round>全年轮< / option> 
< option value =New Year Availability Only>新年< / option> 
 
< / select> 
< input type =submitvalue =submit/> 
< / form>

- 


  require'defaults.php'; 
 require'database.php'; 
 
 / *从数据库获取属性* / 
 
 $ property = $ _GET ['bedrooms']; 
 $ sleeps_min = $ _GET ['sleeps_min']; 
 $ availability = $ _GET ['availability']; 
 
 
 $ query =SELECT * FROM`properties` WHERE bedrooms ='{$ bedrooms}'sleeps_min ='{$ sleeps_min}'AND availability ='{$ availability}' 
 $ row = mysql_query($ query); 
 
 $ result = do_query(SELECT * FROM` properties` WHERE bedrooms ='{$ bedrooms}'sleeps_min ='{$ sleeps_min}'AND availability ='{$ availability}',$ db_connection ); 
 
 while($ row = mysql_fetch_assoc($ result))
 {
 $ r [] = $ row; 
} 
 
?>


解决方案

您缺少一个逻辑运算符<$ p> $ AND ):



<属性`WHERE bedrooms ='{$ bedrooms}'sleeps_min =
^ ----这里

,您的查询容易受到SQL注入攻击。至少您应该通过 mysql_real_escape_string 传递$ _GET变量



如果你在代码中甚至只有基本的错误处理,你会看到语法错误:

  $ result = mysql_query($ query)或die(mysql_error()); 
 ^^^^^^^^^^^^^^^^^^^ ^^^

永不假设查询成功。即使SQL语法本身是完美的(你的不是),有太多的其他原因的查询无法检查失败。


I have a form..want to display the data from mysql table..problem is that the SQL query statement is not displaying the data..any ideas? I think the error may be orruring due to the AND statement in the SQL query line? 

  <form method="get" action="submit.php">

   Number of Bedrooms: <select name="bedrooms">
   <option selected value='#'>--Choose Number of Bedrooms--</option>
   <option value="2">2</option>
   <option value="3">3</option>
   <option value="4">4</option>
   <option value="5">5</option>
   </select>


   Number of Occupants:  <select name="sleeps_min">
   <option selected value='#'>--Choose Number of Bedrooms--</option>
   <option value="2">2</option>
   <option value="3">3</option>
   <option value="4">4</option>
   <option value="5">5</option>
   <option value="6">6</option>
   <option value="7">7</option>
   <option value="8">8</option>
   <option value="9">9</option>  
   <option value="10">10</option>
   </select>

   Availability:  <select name="availability">
   <option selected value='#'>--Select Availability Period--</option>
   <option value="All year round">All Year Round</option>
   <option value="New Year Availability Only">New Year</option>

   </select>
   <input type="submit" value="submit" />
    </form>

-- 

 require 'defaults.php';
 require 'database.php';

 /* get properties from database */

 $property = $_GET['bedrooms'] ;
 $sleeps_min = $_GET['sleeps_min'] ;
 $availability = $_GET['availability'] ;


  $query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'";
  $row=mysql_query($query);

  $result = do_query("SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'", $db_connection);

 while ($row = mysql_fetch_assoc($result))
 {
$r[] = $row;
 }

 ?>

解决方案

You're missing a logical operator (e.g. AND) in your where clause:

$query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min =
                                                                   ^----here

and your query is vulnerable to SQL injection attacks. At bare minimum you should be passing your $_GET variables through mysql_real_escape_string

If you had even bare-bones error handling in your code, you'd have seen the syntax error:

$result = mysql_query($query) or die(mysql_error());
                             ^^^^^^^^^^^^^^^^^^^^^^

NEVER assume a query succeeded. Even if the SQL syntax itself is perfect (yours isn't), there's far too may other reasons for queries to fail to NOT check for failure.

这篇关于显示数据从MYSQL; SQL语句错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆