[英]unknown column in where clause
该页面有一个变量 (aucname2) 传递给它,然后它应该将其用作 sql 语句的值。 但它一直告诉我值被用作列,然后当然告诉我该列不存在
<?php
$auc = $_GET['aucname2'];
$db_name = "auctionfinal";
$table_name = "auctions";
$connection = @mysql_connect("auctionfinal.db.6084638.hostedresource.com","xxxxx", "xxxxx") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE `aucname` = $auc";
$result = @mysql_query($sql, $connection) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
while ($row = mysql_fetch_array($result)) {
$aucname3 = $row['aucname'];
$seller = $row['seller'];
$price = $row['price'];
$start = $row['start'];
$end = $row['end'];
$nbids = $row['nbids'];
$category = $row['category'];
$link = "pagename.php?aucname=$aucname";
$display_block = "Auction Name - $aucname3
Seller - $seller
Price - $price
Start Date - $start </br>
End Date - $end
# bids - $nbids
Category - $category
<p> ------------------ </p>";
}
echo "$display_block";
}
?>
更改此行:
$sql = "SELECT * FROM $table_name WHERE aucname = $auc";
至
$sql = "SELECT * FROM $table_name WHERE aucname = '$auc'";
由于$auc
是一个字符串,它需要用引号引起来,否则 MySQL 会尝试查找该变量的值作为列名。
此外,您可能应该首先在$auc
上使用mysql_real_escape_string()
,否则您将容易受到 SQL 注入的攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.