An error occurs when compiling this code.. can someone help me? Search coding in PHP
search.html
<form name="form" method="post" action="search0.php">
Search by Matric No.:
<input type="text" name="patron_ID" placeholder="Student No.">
<input type="submit" name="Submit" value="Search">
</form>
search0.php
<?php
/* include db connection file*/
include("dbconnect.php");
/* capture student number */
//$idsaja = $_POST['idsaja'];
$patron_ID = $_POST['patron_ID'];
/* execute SQL statement */
$sql= " SELECT br.patron_ID, p.patron_Name, br.book_Accession, b.book_Title, br.borrowed_Date,
br.discharged_Date, br.due_Date, b.book_Status
FROM borrow br
INNER JOIN patrons p
ON p.patron_ID = br.patron_ID
JOIN book b
ON b.book_Accession = br.book_Accession
WHERE patron_ID = '$patron_ID'";
//"SELECT * FROM patrons WHERE patron_ID= '$patron_ID'";
$query = mysql_query($sql) or die ("Error: ".mysql_error());
$row = mysql_num_rows($query);
if($row == 0){
echo "No record found";
}
else{
$r = mysql_fetch_assoc($query);
$patron_ID = $r['patron_ID'];
$patron_Name = $r['patron_Name'];
$book_Accession = $r['book_Accession'];
$book_Title = $r['book_Title'];
$borrowed_Date = $r['borrowed_Date'];
$discharged_Date = $r['discharged_Date'];
$due_Date = $r['due_Date'];
$book_Status = $r['book_Status'];
?>
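The error is "Error: Column 'patron_ID' in where clause is ambiguous". What does it mean? Can someone explain it to me..
Your code is vulnerable to SQL injection attacks. – Dai 2014-10-29 00:33:54
Try adding 'WHERE br.patron_ID', and consider using mysqli or PDO instead – Ghost 2014-10-29 00:34:28
You just need to add the table to it, like the others: 'WHERE p.patron_ID' – 2014-10-29 00:34:37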
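
The two points raised in the comments (qualify the ambiguous column, and bind the form value through PDO instead of concatenating it) combined in one added example that is not part of the original post. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite database with constructed rows in place of the MySQL connection from `dbconnect.php`; the function name `findLoans` is hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database behind
// dbconnect.php; the schema and rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("
    CREATE TABLE patrons (patron_ID TEXT PRIMARY KEY, patron_Name TEXT);
    CREATE TABLE book (book_Accession TEXT PRIMARY KEY, book_Title TEXT, book_Status TEXT);
    CREATE TABLE borrow (patron_ID TEXT, book_Accession TEXT, borrowed_Date TEXT,
                         discharged_Date TEXT, due_Date TEXT);
    INSERT INTO patrons VALUES ('A1001', 'Sample Student');
    INSERT INTO book VALUES ('ACC-1', 'Sample Title', 'On loan');
    INSERT INTO borrow VALUES ('A1001', 'ACC-1', '2014-10-01', NULL, '2014-10-15');
");

// Hypothetical helper: returns every loan row for one patron.
function findLoans(PDO $pdo, string $patronId): array
{
    // patron_ID exists in both borrow and patrons, so the WHERE clause names
    // the table alias; the value is bound as a parameter, never concatenated.
    $sql = "SELECT br.patron_ID, p.patron_Name, br.book_Accession, b.book_Title,
                   br.borrowed_Date, br.discharged_Date, br.due_Date, b.book_Status
            FROM borrow br
            INNER JOIN patrons p ON p.patron_ID = br.patron_ID
            INNER JOIN book b ON b.book_Accession = br.book_Accession
            WHERE br.patron_ID = :patron_ID";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':patron_ID' => $patronId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-ins for $_POST['patron_ID']; the second value contains a quote
// character, which the bound parameter treats as plain data.
foreach (['A1001', "A1001'"] as $input) {
    $rows = findLoans($pdo, $input);
    if (!$rows) {
        echo "No record found\n";
        continue;
    }
    foreach ($rows as $r) {
        // Escape on output too, since these values end up in an HTML page.
        $line = $r['patron_Name'] . ' | ' . $r['book_Title'] . ' | due ' . $r['due_Date'];
        echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Against MySQL the same function works with a `mysql:` DSN; only the connection line changes.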