[英]PHP SQL query fails to return numerical value
When I query a price between two values from a form it shows: 当我从表单中查询两个值之间的价格时,它显示:
request "Could not execute SQL query" SELECT * FROM data WHERE id>0SELECT * FROM data WHERE price >= '100' AND price <= '150'
请求“无法执行SQL查询” SELECT * FROM数据WHERE ID> 0SELECT * FROM数据WHERE价格> ='100'并且价格<='150'
Form code (only the price code): 表单代码(仅价格代码):
<form action="searchhotel/results.php" target="_self">
<label>Price($)</label>
<select name="pricefrom">
<option value="">--</option>
<option value="100">100</option>
</select>
<label>Price TO($)</label>
<select name="priceto">
<option value="">--</option>
<option value="150">150</option>
</select>
<button type="submit">Search</button>
</form>
PHP code (results.php) all the other codes work well apart from the $search_price PHP代码(results.php)除了$ search_price之外,其他所有代码都可以正常工作
<?php
if ($_REQUEST["string"]<>'') {
$search_string = " AND (hotel LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR email LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%')";
}
if ($_REQUEST["city"]<>'') {
$search_city = " AND city='".mysql_real_escape_string($_REQUEST["city"])."'";
}
if ($_REQUEST["star"]<>'') {
$search_star = " AND star='".mysql_real_escape_string($_REQUEST["star"])."'";
}
if ($_REQUEST["pricefrom"]<>'' and $_REQUEST["priceto"]<>'') {
$search_price = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE price >= '".mysql_real_escape_string($_REQUEST["pricefrom"])."' AND price <= '".mysql_real_escape_string($_REQUEST["priceto"])."'";
}
if ($_REQUEST["from"]<>'' and $_REQUEST["to"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE from_date >= '".mysql_real_escape_string($_REQUEST["from"])."' AND to_date <= '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_city.$search_string.$search_star.$search_price;
} else if ($_REQUEST["from"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE from_date >= '".mysql_real_escape_string($_REQUEST["from"])."'".$search_string.$search_city.$ search_string.$search_star.$search_price;
} else if ($_REQUEST["to"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE to_date <= '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_city.$search_string.$search_sta.$search_pricer;
} else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0".$search_string.$search_city.$search_string.$search_star.$search_price;
}
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
while ($row = mysql_fetch_assoc($sql_result)) {
?>
Everything works well, the SQL database is successfully connected and it echoes all the values via the PHP. 一切正常,SQL数据库已成功连接,并通过PHP回显了所有值。 I think I wrongly declared the datatype for the 'price' in the SQL database as shown below:
我认为我在SQL数据库中错误地声明了“价格”的数据类型,如下所示:
CREATE TABLE IF NOT EXISTS `data` (
`id` int(11) NOT NULL auto_increment,
`from_date` date NOT NULL,
`to_date` date NOT NULL,
`hotel` varchar(250) NOT NULL,
`city` varchar(250) NOT NULL,
`star` varchar(250) NOT NULL,
`links` varchar(250) NOT NULL,
`images` varchar(250) NOT NULL,
`price` varchar(250) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;
Error in your script here .$search_string.$search_city.$search_string.$search_star.$search_price
in $search_price
is another query not a value from db or get/post, and you put query in query. 您的脚本中的错误在这里
.$search_string.$search_city.$search_string.$search_star.$search_price
是$search_price
中的另一个查询,不是来自db或get / post的值,您将查询放入查询中。
You concatinate this query string 您将这个查询字符串隐藏起来
if ($_REQUEST["pricefrom"]<>'' and $_REQUEST["priceto"]<>'') {
$search_price = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE price >= '".mysql_real_escape_string($_REQUEST["pricefrom"])."' AND price <= '".mysql_real_escape_string($_REQUEST["priceto"])."'";
} }
With 用
} else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0".$search_string.$search_city.$search_string.$search_star.$search_price;
}
And obtain bad query 并获得错误的查询
$search_price = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE price >= '".mysql_real_escape_string($_REQUEST["pricefrom"])."' AND price <= '".mysql_real_escape_string($_REQUEST["priceto"])."'"." SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0".$search_string.$search_city.$search_string.$search_star.$search_price;
}
SELECT * FROM data WHERE id>0SELECT * FROM data WHERE price >= '100' AND price <= '150'
SELECT * FROM data where id> 0SELECT * FROM data where price> ='100'AND price <='150'
Or separe 2 queryse with ;
或用分隔2查询
;
or correct condition if
or add else where is need to not have 2 queryes to execute if no need it 或更正条件,
if
不存在if
添加两个不需要的查询
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.