[英]sql query doesn't return anything
嗨,我正在嘗試運行以下查詢,但似乎未返回任何內容,我想做的就是從我的工作表中返回選擇的job_type的job_discription。
請幫忙,因為我已經花了很多時間嘗試解決它。
謝謝
阿蘭
<input type="hidden" name="JOB_TYPE" value="<?php print $_POST['JOB_TYPE'];?>"/>
<?php
$Query = " (SELECT JOB_TYPE, JOB_DISCRIPTION FROM jobs " .
"WHERE jobs.JOB_TYPE ='$_POST[JOB_TYPE]' " .
"AND jobs.JOB_DISCRIPTION = 'JOB_DISCRIPTION')";
$Result = mysqli_query($DB, $Query);
?>
<?php
$Result = mysqli_query($DB,$Query)or die(mysqli_error($DB));
while ($Row = mysqli_fetch_assoc($Result)) // Now we go through the data displaying
{
print $Row ['JOB_DISCRIPTION'] ;
}
?>
首先,該代碼很容易進行sql注入:您不應直接使用$ _POST數據。 第二,如果要特定類型的描述,請刪除最后一個條件。
從末尾刪除AND
語句:
AND jobs.JOB_DISCRIPTION = 'JOB_DISCRIPTION'
還要從查詢語句中刪除括號( )
。
" -- quotation marks are only required at the start and end
SELECT JOB_TYPE
, JOB_DISCRIPTION -- some people spell description with an 'e'
FROM jobs
WHERE jobs.JOB_TYPE =$_POST['JOB_TYPE'] -- escape data (using modern methods) to prevent injection and note
AND jobs.JOB_DISCRIPTION = 'JOB_DISCRIPTION'; -- This is really strange
"
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.