1. 首页
  2. 问答
  3. PHP可用性“[] \查询与MySQL

PHP可用性“[] \查询与MySQL

2015-04-23 46 views
1

这是我一生中做了我的第一个PHP应用程序,我本周开始学习PHP的,所以不要杀我,好吗,?)PHP可用性“[] 查询与MySQL

我想使用这个脚本来查找它们可在我们的数据库中的DJ出于某种原因,当我手动输入的区域,如:。

'regions' LIKE \'tn_tricities\'

返回结果,但是当我进入它想:

$region = 'tn_tricities' 
... 
`regions` LIKE \'$region\'

它不返回任何结果你的想法如何解决这个问题?或者如果我完全走错方向,这不是检查可用性的最佳方式,请让我知道!

的完整代码:

$region = $_GET['region']; 
$date = $_GET['date']; 

require "connect.php"; 
echo $region; 
$sql = 'SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM 
`vendors` WHERE `regions` LIKE \'$region\' AND `datesBooked` NOT LIKE 
\'$date\' AND `datesUnavailable` NOT LIKE \'$date\' ';

来源

2015-04-23 Timothy Richard Elliott

+0

这是我从PHPMyAdmin的开门见山: $ SQL =“SELECT'vendorName','vendorBio','vendorType','regions','datesBooked','datesUnavailable' FROM'vendors'其中'regions' LIKE CONVERT(_utf8 \'tn_tricities \'USING latin1)COLLATE latin1_swedish_ci AND'datesBooked'不像CONVERT(_utf8 \'05012015 \'使用latin1)COLLATE latin1_swedish_ci AND'datesUnavailable'不像CONVERT(_utf8 \'05012015 \'使用latin1) COLLATE latin1_swedish_ci'; 当我将外部引号改为双引号时,它不会返回任何结果。 如果你想看看这个网站它是fiestausa.com –

+0

这个作品: $ region ='tn_tricities'; echo $ region; 需要“connect.php”; echo $ region; $ sql ='选择'vendorname','vendorBio','vendorType','regions','datesBooked','datesUnavailable' FROM'vendors' WHERE' regions' LIKE \'tn_tricities \'AND'datesBooked' NOT LIKE \'05012015 \'和'datesUnavailable' \ NOT LIKE \'05012015 \'; $ result = mysql_query($ sql); while($ row = mysql_fetch_array($ result)){ echo'

'.$row["vendorName"]."
“。'
'.$row["vendorBio"]."
“; } 但是现在我将其更改为双引号,它不返回任何结果。 :( –

回答

0

试试这个,

$region = $_GET['region']; 
$date = $_GET['date']; 

require "connect.php"; 
echo $region; 

$sql = "SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM `vendors` WHERE `regions` LIKE '$region' AND `datesBooked` NOT LIKE '$date' AND `datesUnavailable` NOT LIKE '$date' "; 
$result = mysql_query($sql);

希望这个作品。

来源

2015-04-23 06:06:48

+0

这工作:$ region ='tn_tricities'; echo $ region; require“connect.php”; echo $ region; $ sql ='SELECT vendorName,vendorBio,vendorType,regions,datesBooked,datesUnavailable FROM vendors WHERE regions LIKE \ 'tn_tricities \'和datesBooked NOT LIKE \'05012015 \'AND datesUnavailable NOT LIKE \'05012015 \''; $ result = mysql_query($ sql); while($ row = mysql_fetch_array($ result)){echo'

'.$row["vendorName"]."
“。 '
'.$row["vendorBio"]."
“;}但是现在我将它改为双引号,它不会返回任何结果。:( –

0

您正在使用单引号(')。变量不会被解析。要么把你的变量,你的报价之外,或者用双引号(“)

而且提防SQL injections

来源

2015-04-23 06:07:13 vdwijngaert

+0

这样做:$ region ='tn_tricities'; echo $ region; require”connect.php“; echo $ region; $ sql ='SELECT vendorName,vendorBio,vendorType,regions,datesBooked,datesUnavailable FROM vendors WHERE regions LIKE \'tn_tricities \'AND datesBooked NOT LIKE \'05012015 \'and datesUnavailable NOT LIKE \'05012015 \''; $ result = mysql_query($ sql); while($ row = mysql_fetch_array($ result)){echo'

'.$row["vendorName"]."
“。'
'.$row["vendorBio"]."
”; }但是当我将它改为双引号时,它不会返回任何结果。 :( –

0

单引号不允许你使用里面的变量,而不是使用双引号:。

$sql = "SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM 
`vendors` WHERE `regions` LIKE \'$region\' AND `datesBooked` NOT LIKE 
\'$date\' AND `datesUnavailable` NOT LIKE \'$date\' ";

来源

2015-04-23 06:07:24 niyou

+0

这工作:$ region ='tn_tricities'; echo $ region; require“connect.php”; echo $ region; $ sql ='SELECT vendorName,vendorBio,vendorType,regions,datesBooked,datesUnavailable FROM vendors WHERE regions LIKE \ 'tn_tricities \'和datesBooked NOT LIKE \'05012015 \'AND datesUnavailable NOT LIKE \'05012015 \''; $ result = mysql_query($ sql); while($ row = mysql_fetch_array($ result)){echo'

'.$row["vendorName"]."
“。 '
'.$row["vendorBio"]."
“;}但是现在我将它改为双引号,它不会返回任何结果。:( –

0

这是因为单引号和双引号之间的区别。

单引号不要“读”它们内部变量只是打印你写的东西。双引号改为读取变量值并替换您用它们写入的字符串。

小例子:

$var = "Hello"; 

echo "$var"; 
//prints Hello 
echo '$var'; 
// prints $var

所以,简单地附上您的查询在双引号,一切都应该很好地工作:

$sql = "SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM `vendors` WHERE 
`regions` LIKE \'$region\' AND `datesBooked` NOT LIKE \'$date\' AND `datesUnavailable` 
NOT LIKE \'$date\'";

来源

2015-04-23 06:09:56

+0

这仍然不会返回任何结果:(我直接从您的示例中复制并粘贴,并且当它tn_tricities中,但是当我将它更改为LIKE \'$ region \'时,它不起作用:( –

+0

这工作:$ region ='tn_tricities'; echo $ region; require“connect.php”; echo $ region; $ sql ='选择vendorName,vendorBio,vendorType,区域,datesBooked,datesUnavailable FROM ven dors WHERE地区LIKE \'tn_tricities \'AND datesBooked NOT LIKE \'05012015 \'and datesUnavailable NOT LIKE \'05012015 \''; $ result = mysql_query($ sql); while($ row = mysql_fetch_array($ result)){echo'

'.$row["vendorName"]."
“。'
'.$row["vendorBio"]."
“; }但是当我将它改为双引号时,它不会返回任何结果。 :( –

0

,请不要使用直接的变量为MySQL查询。有人可以提交; DELETE * FROM TABLE;或任何任意mysql代码作为日期或地区,并可以做非常邪恶的事情到您的服务器。请使用转义函数,如mysqli_real_escape_string

我会建议:

$sql = 'SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM 
`vendors` WHERE `regions` LIKE \'' . $region . '\' AND `datesBooked` NOT LIKE 
\'' . mysqli_real_escape_string($date) . '\' AND `datesUnavailable` NOT LIKE \'' . real_escape_string($date) . '\' ';

请读了更多关于SQL注入 - http://en.wikipedia.org/wiki/SQL_injection

来源

2015-04-23 06:53:33 PressingOnAlways

+0

这工作:$ region ='tn_tricities'; echo $ region; require“connect.php”; echo $ region; $ sql ='SELECT vendorName,vendorBio,vendorType,regions,datesBooked,datesUnavailable FROM vendors WHERE regions LIKE \ 'tn_tricities \'和datesBooked NOT LIKE \'05012015 \'AND datesUnavailable NOT LIKE \'05012015 \''; $ result = mysql_query($ sql); while($ row = mysql_fetch_array($ result)){echo'

'.$row["vendorName"]."
“。'
'.$row["vendorBio"]."
“;}但是,当我将其更改为双引号时,它不返回任何结果。:( –

相关问题

 相关问题