MySQL查询权限语法
[英]MySQL Query Right Syntax
问题描述
$query = mysqli_query($link, "SELECT *
FROM table
WHERE column=" . row_data['column'] . " ") or die(mysqli_error($link));
Can someone tell me what wrong with syntax? 
有人可以告诉我语法有什么问题吗? I honestly work on this problem in an hour but I can't figure it out up to now. 老实说,我在一小时内就解决了这个问题,但到目前为止我还无法解决。 I think it is on the syntax maybe my quoutes is placed on wrong? 我认为这是语法上的问题,也许我的仲裁错误了吗?
row_data['column'] is equals to value a row_data['column']等于value a
If I make it hardcoded, it output expect results. 如果我对其进行硬编码,它将输出预期结果。
$query = mysqli_query($link, "SELECT *
FROM table
WHERE column='value a'") or die(mysqli_error($link));
Error 错误
Unknown column 'value a' in 'where clause'
1 个解决方案
解决方案1
2 已采纳 2017-11-26 09:23:02
You just miss single quotes: 您只是错过了单引号:
$query = mysqli_query($link, "SELECT *
FROM table
WHERE column='" . row_data['column'] . "' ") or die(mysqli_error($link));
In your second example you have placed single quotes around the value while in the first not. 在第二个示例中,您在值周围放置了单引号,而在第一个示例中则没有。
I guess your data is coming from another query, so you can think about join to reduce number of queries. 我猜您的数据来自另一个查询,因此您可以考虑加入以减少查询数量。
If data is coming from a user input you should have a look at prepared statements. 如果数据来自用户输入,则应查看准备好的语句。 If you place user input directly into the query you are open to sql injections. 如果将用户输入直接放入查询中,则可以进行sql注入。
Last but not least if you are still learning have a look at pdo instead of mysqli 最后但并非最不重要的一点是,如果您仍在学习,请查看pdo而不是mysqli
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.