我開始變得怒不可遏這裏PHP的MySQL的where子句不讀變量
mysql_query
不承認我的變量$d1
甚至我試圖將其重命名
這裏是代碼..
HTML :
<form action ="manageVessel.php" method ="POST">
<select onchange ="this.form.submit();" class ="form-control" name ="ViewPositionCertificates">
<option>Choose a Position </option>
<?php
$ViewPCertificates = mysql_query("SELECT * FROM table_cmsjob") or die("error" . mysql_error());
while ($rwViewPCertificates = mysql_fetch_array($ViewPCertificates)) {
?>
<option value =" <?php echo $rwViewPCertificates['jobName']; ?> "> <?php echo $rwViewPCertificates['jobName']; ?></option>
<?php } ?>
</select>
</form>
PHP:
<?php if (isset($_POST['ViewPositionCertificates'])) { ?>
<table class = "table table-bordered">
<tr class ="bg-primary">
<td> List of Certificates </td>
</tr>
<?php
$d1 = $_POST['ViewPositionCertificates'];
echo $_POST['ViewPositionCertificates'];
$ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = '$d1' ") or die("error" . mysql_error());
while ($rwViewCertificatesFP = mysql_fetch_array($ViewCertificatesFP)) {
echo "<tr>";
echo "<td>" . $rwViewCertificatesFP['Certificate'] . "</td>";
echo "</tr>";
}
?>
</table>
<?php } ?>
MYSQL當我用例如
mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = 'MASTER' ") or die("error" . mysql_error());
字符串WHERE子句工作正常,但是當我使用一個變量分配$_POST['ViewPositionCertificates']
一個變量MYSQL WHERE子句不閱讀任何幫助嗎?
'$ ViewCertificatesFP = mysql_query(「SELECT * FROM table_cmsjobassigning WHERE jobName ='{$ d1}'」)或die(「error」)。 mysql_error());' 使用這個查詢 和一對菜鳥,請優先於mysql的mysqli –
由於沒有人說,我會說。請**不要**使用'mysql_ *'函數,因爲它們已被棄用,並且在新發布的PHP 7.0中使用[mysqli](http://php.net/manual/en/book.mysqli.php)或改爲[PDO](http://php.net/manual/en/book.pdo.php)。另外當處理用戶輸入使用準備語句,否則您的查詢是打開的[SQL注入](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – BRoebie