PHP決策查詢得到錯誤，如在未知列「where子句」

Question

我有這段代碼在PHP爲使得從MySQL數據庫

if(isset($_SESSION["esb2b_userid"])){ 
    $check_row = mysql_num_rows(mysql_query("select * from esb2b_basket where es_session='.$site.' and es_uid=".$_SESSION["esb2b_userid"]) or die(mysql_error())); 

    echo "Logged in as <b>" . $_SESSION["esb2b_username"] . "</b>" ; 
    ?> <? }else{ 
    ?> <? echo "$to" ?> Our Website <? } ?> <? if($_SESSION['esb2b_userid']=='') 
      {?> <span id="log-info"><a href="<?=$domain_url?>/signup.html"><? echo "$Join_Free" ?></a><?php }?> | 

    <? if($_SESSION['esb2b_userid']=='') 
      {?> <a href="<?=$domain_url?>/signin.php?file="><? echo "$Sign_In" ?></a><?php } else { ?><a href="<?=$domain_url?>/logout.php" > <? echo "$Sign_out" ?> </a><?php }?> 

但現在我喜歡這個

得到錯誤查詢

Unknown column 'esb2b_userid' in 'where clause' 

所以，有人可以告訴我，我得到這個結果，我該如何解決這個問題？任何幫助和建議都將非常可觀。由於

Answer 1

改變這種

mysql_query("select * from esb2b_basket where es_session='.$site.' and es_uid=".$_SESSION["esb2b_userid"]) 

到

mysql_query("select * from esb2b_basket where es_session='".$site."' and es_uid=".$_SESSION["esb2b_userid"]) 

Answer 2

你在查詢中括號有點混，可嘗試：

$check_row = mysql_num_rows(mysql_query("select * from esb2b_basket where es_session='".$site."' and es_uid='".$_SESSION["esb2b_userid"]."') or die(mysql_error())); 

Answer 3

你應該mysql_real_escape_string逃脫你的變量sql注入 試試這個

$check_row = mysql_num_rows(mysql_query("select * from esb2b_basket 
    where es_session= '".mysql_real_escape_string($site)."' 
     and es_uid='".mysql_real_escape_string($_SESSION["esb2b_userid"])."' ") or die(mysql_error())); 

，並請不要用mysql，變化的mysqli或PDO