
Unknown column in where clause

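The page has a variable (aucname2) passed to it, which it is then supposed to use as the value in the SQL statement. But it keeps telling me the value is being used as a column, and then of course tells me that the column does not exist.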

<?php 
    $auc = $_GET['aucname2'];
    $db_name = "auctionfinal";
    $table_name = "auctions";
    $connection = @mysql_connect("auctionfinal.db.6084638.hostedresource.com","xxxxx", "xxxxx") or die(mysql_error());
    $db = @mysql_select_db($db_name, $connection) or die(mysql_error());
    $sql = "SELECT * FROM $table_name WHERE `aucname` = $auc";
    $result = @mysql_query($sql, $connection) or die(mysql_error());

    $display_block = ""; // start empty so every row can be appended

    if (mysql_num_rows($result) > 0) {
        while ($row = mysql_fetch_array($result)) {
            $aucname3 = $row['aucname'];
            $seller = $row['seller'];
            $price = $row['price'];
            $start = $row['start'];
            $end = $row['end'];
            $nbids = $row['nbids'];
            $category = $row['category'];
            $link = "pagename.php?aucname=$aucname3"; // was $aucname, which is never defined

            // append rather than overwrite, so all rows are displayed
            $display_block .= "Auction Name - $aucname3 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Seller - $seller &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Price - $price &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Start Date - $start <br>
            End Date - $end &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            # bids - $nbids &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Category - $category
            <p> ------------------ </p>";

       }
       echo "$display_block";
    }
?>

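Change this line:

$sql = "SELECT * FROM $table_name WHERE aucname = $auc";

to:

$sql = "SELECT * FROM $table_name WHERE aucname = '$auc'";

Since $auc is a string, it needs to be wrapped in quotes; otherwise MySQL will try to look up the variable's value as a column name.

Also, you should probably use mysql_real_escape_string() on $auc first, otherwise you will be vulnerable to SQL injection.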
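The three ways of placing `$auc` into the query discussed above (unquoted, quoted, and sent separately as a bound parameter), shown side by side as an added example that is not part of the original question or answer. It assumes PHP with the `pdo_sqlite` extension and uses an in-memory SQLite table as a stand-in for the MySQL `auctions` table; the function names, table contents and inputs are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE auctions (aucname TEXT, seller TEXT, price REAL)");
$pdo->exec("INSERT INTO auctions VALUES ('lamp', 'alice', 10.0), ('desk', 'bob', 45.5)");

// Hypothetical helper: builds the SQL text by string interpolation, as the page's code does.
function findInterpolated(PDO $pdo, string $auc, bool $quoted): array {
    $value = $quoted ? "'$auc'" : $auc;   // quoted = the answer's fix, unquoted = the question's bug
    $sql = "SELECT aucname, seller FROM auctions WHERE aucname = $value";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: the value travels as a bound parameter and is never parsed as SQL.
function findPrepared(PDO $pdo, string $auc): array {
    $stmt = $pdo->prepare("SELECT aucname, seller FROM auctions WHERE aucname = :auc");
    $stmt->execute([':auc' => $auc]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain name, a name containing an apostrophe,
// and a value that closes the string literal and appends its own condition.
$inputs = ['lamp', "bob's lamp", "x' OR '1'='1"];

foreach ($inputs as $auc) {
    foreach (['unquoted' => false, 'quoted' => true] as $label => $quoted) {
        try {
            $n = count(findInterpolated($pdo, $auc, $quoted));
            echo "$label [$auc]: $n row(s)\n";
        } catch (PDOException $e) {
            // Unquoted text is parsed as an identifier or as broken SQL.
            echo "$label [$auc]: error: " . $e->getMessage() . "\n";
        }
    }
    echo "prepared [$auc]: " . count(findPrepared($pdo, $auc)) . " row(s)\n";
}
```

The `mysql_*` functions used on this page were removed in PHP 7.0; with MySQL the same bound-parameter pattern is available through PDO's MySQL driver or through `mysqli::prepare()` with `bind_param()`.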
