1. 首頁
  2. 問答
  3. PHP的MySQL的where子句不讀變量

PHP的MySQL的where子句不讀變量

2015-12-15 101 views
0

我開始變得怒不可遏這裏PHP的MySQL的where子句不讀變量

mysql_query不承認我的變量$d1甚至我試圖將其重命名

這裏是代碼..

HTML :

<form action ="manageVessel.php" method ="POST"> 
    <select onchange ="this.form.submit();" class ="form-control" name ="ViewPositionCertificates"> 
     <option>Choose a Position </option>              
     <?php 
     $ViewPCertificates = mysql_query("SELECT * FROM table_cmsjob") or die("error" . mysql_error()); 
     while ($rwViewPCertificates = mysql_fetch_array($ViewPCertificates)) { 
      ?> 
      <option value =" <?php echo $rwViewPCertificates['jobName']; ?> "> <?php echo $rwViewPCertificates['jobName']; ?></option> 
     <?php } ?> 

     </select> 
</form>

PHP:

<?php if (isset($_POST['ViewPositionCertificates'])) { ?> 
     <table class = "table table-bordered"> 
      <tr class ="bg-primary"> 
       <td> List of Certificates </td> 
      </tr> 
      <?php 
      $d1 = $_POST['ViewPositionCertificates']; 
      echo $_POST['ViewPositionCertificates']; 
      $ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = '$d1' ") or die("error" . mysql_error()); 

      while ($rwViewCertificatesFP = mysql_fetch_array($ViewCertificatesFP)) { 

       echo "<tr>"; 
       echo "<td>" . $rwViewCertificatesFP['Certificate'] . "</td>"; 
       echo "</tr>"; 
      } 
      ?> 

     </table> 




    <?php } ?>

MYSQL當我用例如

mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = 'MASTER' ") or die("error" . mysql_error());

字符串WHERE子句工作正常,但是當我使用一個變量分配$_POST['ViewPositionCertificates']一個變量MYSQL WHERE子句不閱讀任何幫助嗎?

來源

2015-12-15 Salvador Mark Anjelo

+0

'$ ViewCertificatesFP = mysql_query(「SELECT * FROM table_cmsjobassigning WHERE jobName ='{$ d1}'」)或die(「error」)。 mysql_error());' 使用這個查詢 和一對菜鳥,請優先於mysql的mysqli –

+0

由於沒有人說,我會說。請**不要**使用'mysql_ *'函數,因爲它們已被棄用,並且在新發布的PHP 7.0中使用[mysqli](http://php.net/manual/en/book.mysqli.php)或改爲[PDO](http://php.net/manual/en/book.pdo.php)。另外當處理用戶輸入使用準備語句,否則您的查詢是打開的[SQL注入](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – BRoebie

回答

3 
<option value ="<?php echo $rwViewPCertificates['jobName']; ?>"> <?php echo $rwViewPCertificates['jobName']; ?></option> // remove xtra spaces from here......

刪除空格從value屬性

來源

2015-12-15 07:12:15

+0

感謝沒有注意到從值屬性的空白 –

0 
<?php if (isset($_POST['ViewPositionCertificates'])) { ?> 
    <table class = "table table-bordered"> 
     <tr class ="bg-primary"> 
      <td> List of Certificates </td> 
     </tr> 
     <?php 
     $d1 = $_POST['ViewPositionCertificates']; 
     echo $_POST['ViewPositionCertificates']; 
     $ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = '".$d1."' ") or die("error" . mysql_error()); 

     while ($rwViewCertificatesFP = mysql_fetch_array($ViewCertificatesFP)) { 

      echo "<tr>"; 
      echo "<td>" . $rwViewCertificatesFP['Certificate'] . "</td>"; 
      echo "</tr>"; 
     } 
     ?> 
    </table> 
<?php } ?>

選擇查詢語法的更改使用單引號。

來源

2015-12-15 07:01:53

+0

謝謝你的迴應:)但我已經嘗試,迄今不會工作?我也嘗試重新啓動我的Apache和MySQL,但它仍然不起作用 –

+0

嘗試打印查詢。 –

+0

你不知道如何投票嗎?或者你只需​​要一個答案。 –

-1

試圖改變自己的查詢方法,它可以幫助...

$ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = '".$d1."' ") or die("error" . mysql_error());

來源

2015-12-15 07:02:57 rahul

0

試試這個:

mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = ".$_POST['ViewPositionCertificates'])

來源

2015-12-15 07:03:48

0

你不能寫單引號內的變量,如果你寫它,然後PHP會認爲它是字符串。 所以您的查詢就會
$ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = $d1 ") or die("error" . mysql_error());

如需更多幫助,請在PHP讀取變量插值

來源

2015-12-15 07:08:05 Sanjay

+0

感謝您的答覆我已經嘗試過,但我不斷收到錯誤未知列'MASTER'在'where子句'master是我的數據庫中列的jobName行之一 –

+0

好了,那麼請確認'MASTER'是列出現在您的MySQL表 – Sanjay

+0

請將$ d1替換爲''。$ d1。'',我認爲它會解決您的問題 – Sanjay

1

嘗試這樣的..

$ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = '".mysql_real_escape_string(trim($d1))."' ") or die("error" . mysql_error()); 


$ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = '".addslashes(trim($d1))."' ") or die("error" . mysql_error());

來源

2015-12-15 07:10:29

+0

我認爲「$ d1」變量的值有一些特殊字符。嘗試使用與mysql_real_escape_string()或addslashes() –

相關問題

 相關問題