[英]Unknown column in where clause
This script is supposed to retrieve the CustomerID for the Customer_First_Name and Customer_Last_Name that has been entered into a form. 该脚本应检索已输入到表单中的Customer_First_Name和Customer_Last_Name的CustomerID。
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = `.$db_customer_first_name.` AND Customer_Last_Name = `.$db_customer_last_name.`";
$result = mysql_query($query)
or die(mysql_error());
echo $result;
echo $query;
when the script runs I get this error: 当脚本运行时,出现此错误:
Unknown column '.Christopher.'
未知列“ .Christopher”。 in 'where clause'
在“ where子句”中
the query is never printed on the screen. 查询从不打印在屏幕上。
any help is appreciated. 任何帮助表示赞赏。
您的报价不好用'而不是'
使用'
代替remove`
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = '".$db_customer_first_name."' AND Customer_Last_Name = '".$db_customer_last_name."'";
You have to use single quotes for strings. 您必须对字符串使用单引号。 Try again:
再试一次:
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = '".$db_customer_first_name."' AND Customer_Last_Name = '".$db_customer_last_name."'";
This should work: 这应该工作:
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = '$db_customer_first_name' AND Customer_Last_Name = '$db_customer_last_name'";
You need to use normal single quotes for values. 您需要对值使用普通的单引号。 Also you don't need to break the string if you're using double quotes - variables are detected within the string.
另外,如果您使用双引号,则无需中断字符串-在字符串中检测到变量。
Make sure you're also correctly escaping your strings for mysql to prevent injection. 确保您还正确地为mysql转义了字符串以防止注入。
Better still, look at moving to mysqli and using prepared statements. 更好的是,看看转向mysqli并使用准备好的语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.