我开始变得怒不可遏这里PHP的MySQL的where子句不读变量
mysql_query
不承认我的变量$d1
甚至我试图将其重命名
这里是代码..
HTML :
<form action ="manageVessel.php" method ="POST">
<select onchange ="this.form.submit();" class ="form-control" name ="ViewPositionCertificates">
<option>Choose a Position </option>
<?php
$ViewPCertificates = mysql_query("SELECT * FROM table_cmsjob") or die("error" . mysql_error());
while ($rwViewPCertificates = mysql_fetch_array($ViewPCertificates)) {
?>
<option value =" <?php echo $rwViewPCertificates['jobName']; ?> "> <?php echo $rwViewPCertificates['jobName']; ?></option>
<?php } ?>
</select>
</form>
PHP:
<?php if (isset($_POST['ViewPositionCertificates'])) { ?>
<table class = "table table-bordered">
<tr class ="bg-primary">
<td> List of Certificates </td>
</tr>
<?php
$d1 = $_POST['ViewPositionCertificates'];
echo $_POST['ViewPositionCertificates'];
$ViewCertificatesFP = mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = '$d1' ") or die("error" . mysql_error());
while ($rwViewCertificatesFP = mysql_fetch_array($ViewCertificatesFP)) {
echo "<tr>";
echo "<td>" . $rwViewCertificatesFP['Certificate'] . "</td>";
echo "</tr>";
}
?>
</table>
<?php } ?>
MYSQL当我用例如
mysql_query("SELECT * FROM table_cmsjobassigning WHERE jobName = 'MASTER' ") or die("error" . mysql_error());
字符串WHERE子句工作正常,但是当我使用一个变量分配$_POST['ViewPositionCertificates']
一个变量MYSQL WHERE子句不阅读任何帮助吗?
'$ ViewCertificatesFP = mysql_query(“SELECT * FROM table_cmsjobassigning WHERE jobName ='{$ d1}'”)或die(“error”)。 mysql_error());' 使用这个查询 和一对菜鸟,请优先于mysql的mysqli –
由于没有人说,我会说。请**不要**使用'mysql_ *'函数,因为它们已被弃用,并且在新发布的PHP 7.0中使用[mysqli](http://php.net/manual/en/book.mysqli.php)或改为[PDO](http://php.net/manual/en/book.pdo.php)。另外当处理用户输入使用准备语句,否则您的查询是打开的[SQL注入](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – BRoebie