显示数据从MYSQL; SQL语句错误 [英] Display Data From MYSQL; SQL statement error
问题描述
我有一个form..want从mysql表显示数据。问题是,SQL查询语句不显示数据。我认为错误可能由于在SQL查询行中的AND语句orruring?
< form method =getaction =submit.php>
卧室数量:< select name =bedrooms>
< option selected value ='#'> - 选择房间数 - < / option>
< option value =2> 2< / option>
< option value =3> 3< / option>
< option value =4> 4< / option>
< option value =5> 5< / option>
< / select>
占用者数量:< select name =sleeps_min>
< option selected value ='#'> - 选择房间数 - < / option>
< option value =2> 2< / option>
< option value =3> 3< / option>
< option value =4> 4< / option>
< option value =5> 5< / option>
< option value =6> 6< / option>
< option value =7> 7< / option>
< option value =8> 8< / option>
< option value =9> 9< / option>
< option value =10> 10< / option>
< / select>
可用性:< select name =availability>
< option selected value ='#'> - 选择可用期 - < / option>
< option value =All year round>全年轮< / option>
< option value =New Year Availability Only>新年< / option>
< / select>
< input type =submitvalue =submit/>
< / form>
-
require'defaults.php';
require'database.php';
/ *从数据库获取属性* /
$ property = $ _GET ['bedrooms'];
$ sleeps_min = $ _GET ['sleeps_min'];
$ availability = $ _GET ['availability'];
$ query =SELECT * FROM`properties` WHERE bedrooms ='{$ bedrooms}'sleeps_min ='{$ sleeps_min}'AND availability ='{$ availability}'
$ row = mysql_query($ query);
$ result = do_query(SELECT * FROM` properties` WHERE bedrooms ='{$ bedrooms}'sleeps_min ='{$ sleeps_min}'AND availability ='{$ availability}',$ db_connection );
while($ row = mysql_fetch_assoc($ result))
{
$ r [] = $ row;
}
?>
您缺少一个逻辑运算符<$ p> $ AND ):
<属性`WHERE bedrooms ='{$ bedrooms}'sleeps_min =
^ ----这里
,您的查询容易受到SQL注入攻击。至少您应该通过 mysql_real_escape_string 传递$ _GET变量
如果你在代码中甚至只有基本的错误处理,你会看到语法错误:
$ result = mysql_query($ query)或die(mysql_error());
^^^^^^^^^^^^^^^^^^^ ^^^
永不假设查询成功。即使SQL语法本身是完美的(你的不是),有太多的其他原因的查询无法检查失败。
I have a form..want to display the data from mysql table..problem is that the SQL query statement is not displaying the data..any ideas? I think the error may be orruring due to the AND statement in the SQL query line?
<form method="get" action="submit.php">
Number of Bedrooms: <select name="bedrooms">
<option selected value='#'>--Choose Number of Bedrooms--</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
Number of Occupants: <select name="sleeps_min">
<option selected value='#'>--Choose Number of Bedrooms--</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
Availability: <select name="availability">
<option selected value='#'>--Select Availability Period--</option>
<option value="All year round">All Year Round</option>
<option value="New Year Availability Only">New Year</option>
</select>
<input type="submit" value="submit" />
</form>
--
require 'defaults.php';
require 'database.php';
/* get properties from database */
$property = $_GET['bedrooms'] ;
$sleeps_min = $_GET['sleeps_min'] ;
$availability = $_GET['availability'] ;
$query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'";
$row=mysql_query($query);
$result = do_query("SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'", $db_connection);
while ($row = mysql_fetch_assoc($result))
{
$r[] = $row;
}
?>
You're missing a logical operator (e.g. AND
) in your where clause:
$query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min =
^----here
and your query is vulnerable to SQL injection attacks. At bare minimum you should be passing your $_GET variables through mysql_real_escape_string
If you had even bare-bones error handling in your code, you'd have seen the syntax error:
$result = mysql_query($query) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^
NEVER assume a query succeeded. Even if the SQL syntax itself is perfect (yours isn't), there's far too may other reasons for queries to fail to NOT check for failure.
这篇关于显示数据从MYSQL; SQL语句错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!