如何编写使用PHP变量的MySQL查询?
[英]How to write MySQL query that uses a PHP variable?
问题描述
How to place a php variable into query? 
如何将php变量放入查询?
$shopid = $pdo->query('SELECT shopid FROM `shop` WHERE shopname='$shopname'')->fetchAll(PDO::FETCH_ASSOC);
This is not working, the error message show: "Parse error: syntax error, unexpected '$shopname' (T_VARIABLE)" 这不起作用,错误消息显示:“解析错误:语法错误,意外'$ shopname'(T_VARIABLE)”
6 个解决方案
解决方案1
4 已采纳 2013-10-21 06:01:44
解决方案2
1 2013-10-21 06:01:59
If $shopname is coming from an untrusted source, you are wide open to SQL injection. 如果$shopname来自不受信任的来源,那么您对SQL注入非常开放。 To fix this, you should make use of PDO and it's prepared statement API: 要解决这个问题,你应该使用PDO和它准备好的语句API:
$query = $pdo->prepare("SELECT shopid FROM shop WHERE shopname = ?");
$query->bindValue(1, $shopname, PDO::PARAM_STR);
$query->execute();
$shopid = $query->fetchAll(PDO::FETCH_ASSOC);
解决方案3
0 2013-10-21 05:39:37
您没有正确包装查询。
$shopid = $pdo->query("SELECT shopid FROM `shop` WHERE `shopname`='$shopname'");
解决方案4
0 2013-10-21 06:02:43
if you support the PDO ,why not use the prepare, and it is more safe. 如果你支持PDO,为什么不使用准备,它更安全。
$stmt = $pdo->prepare('SELECT shopid FROM shop WHERE shopname=:shopname');
$stmt->bindParam(':shopname', $shopname);
$shopname = $yourdefined;
$stmt->execute();
$stmt->bindColumn(1, $shopid);
while($stmt->fetch()){
echo $shopid,PHP_EOL;
}
Well,you can also use the base sql like this: 好吧,你也可以像这样使用基本的sql:
$shopid = $pdo->query('SELECT shopid FROM `shop` WHERE shopname=\'{$shopname}\'')->fetchAll(PDO::FETCH_ASSOC);
解决方案5
-1 2013-10-21 06:03:21
'...' . '......' $shopname . $ shopname。 '...' '...'
Using point to join more than 1 string 使用point加入1个以上的字符串
解决方案6
-2 2013-10-21 05:58:25
Try This: 尝试这个:
$query = "SELECT shopid FROM shop WHERE shopname= '".$shopname."'"; $ query =“SELECT shopid FROM shop WHERE shopname ='”。$ shopname。“'”;
$result = mysql_query($query); $ result = mysql_query($ query);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.