取得SQL语法错误
[英]Getting a SQL syntax error
问题描述
I am trying to get the two values from my application in my php code. 
我试图从我的应用程序中获取我的PHP代码中的两个值。 but before doing it I am trying to check through URL. 但在执行此操作之前,我尝试通过URL进行检查。 But my problem is if give the values manual I am getting right output but when I check it by passing the values I am getting an syntax error. 但是我的问题是,如果给定值手册,我会得到正确的输出,但是当我通过传递值来检查它时,则会出现语法错误。 Can any one help me in solving this. 谁能帮我解决这个问题。
<?php
$hostname_localhost ="localhost";
$database_localhost ="mobiledb";
$username_localhost ="root";
$password_localhost ="";
$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost)
or
trigger_error(mysql_error(),E_USER_ERROR);
$response = array();
mysql_select_db($database_localhost, $localhost);
$day = $_POST['day'];
$Q = $_POST['Qno'];
// get a product from products table
$result = mysql_query("SELECT $Q FROM `Questions` WHERE `day`='$day'") or die(mysql_error());
//echo $result;
if (mysql_num_rows($result) > 0) {
// looping through all results
// products node
$response["question"] = array();
while ($row = mysql_fetch_array($result)) {
// temp user array
$product = array();
$product["question".$i] = $row["$Q"];
$i = $i + 1;
// push single product into final response array
array_push($response["question"], $product);
}
// success
$response["success"] = 1;
// echoing JSON response
echo json_encode($response);
} else {
// no products found
$response["success"] = 0;
$response["message"] = "No users found";
// echo no users JSON
echo json_encode($response);
}
?>
2 个解决方案
解决方案1
2 2013-09-12 23:19:28
I am trying to check through URL
By this I assume you mean you are trying to go to the url: 通过这种方式,我假设您的意思是您正在尝试转到url:
http://localhost/yoursite/yourpage?Qno=5&day=thing
In that case, those variables will be accessed as $_GET['Qno'] and $_GET['day'] . 在这种情况下,这些变量将作为$_GET['Qno']和$_GET['day'] 。
You can use $_REQUEST['Qno'] and $_REQUEST['day'] to receive the variables both ways. 您可以使用$_REQUEST['Qno']和$_REQUEST['day']两种方式接收变量。 Of course, your application has so many security holes I won't even touch. 当然,您的应用程序有很多安全漏洞,我什至不会碰。
解决方案2
1 已采纳 2013-09-12 23:20:19
I would try escaping your values. 我会尝试逃避您的价值观。 will possibly fix your error and also protect you somewhat from SQL Injection which you should google and read. 可能会解决您的错误,并在某种程度上保护您免受Google注入的SQL注入的侵扰。
$day = mysql_real_escape_string($_GET['day']);
$Q = mysql_real_escape_string($_GET['Qno']);
In this example, we use $_GET because you are trying to obtain the value directly from the URL. 在此示例中,我们使用$ _GET,因为您试图直接从URL获取值。
Also, we escape the string to make sure we don't break our string syntax and inject bad monsters into your database! 另外,我们对字符串进行转义,以确保不破坏字符串语法,并向您的数据库中注入不良怪物!
ALSO: Mysql_ functionality is discontinued and you should stop using it. 还:Mysql_功能已终止,您应该停止使用它。 Read the big red box here: http://php.net/manual/en/function.mysql-query.php 在此处阅读红色的大框: http : //php.net/manual/en/function.mysql-query.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.