Php SQL语法;查看与您的MySQL服务器版本相对应的手册,以了解可在';附近使用的正确语法';{search_term}'';
我不能做实时搜索表的事情。有人能帮我吗? 这是我的密码。我只想显示我搜索过的数据Php SQL语法;查看与您的MySQL服务器版本相对应的手册,以了解可在';附近使用的正确语法';{search_term}'';,php,jquery,search,Php,Jquery,Search,我不能做实时搜索表的事情。有人能帮我吗? 这是我的密码。我只想显示我搜索过的数据 <?php //include the connection file include "conn.php"; $sql = "SELECT * FROM tblreservation"; if (isset($_POST['search'])) { $search_term = mysql_real_escape_string($_POST['search_box']); $sql
<?php
//include the connection file
include "conn.php";
$sql = "SELECT * FROM tblreservation";
if (isset($_POST['search'])) {
$search_term = mysql_real_escape_string($_POST['search_box']);
$sql .= "WHERE Name = '{search_term}'";
}
$query = mysql_query($sql) or die(mysql_error());
?>
<form name="search_form" method="POST" action="trys.php" align="center">
Search: <input type="text" name="search_box" value="" />
<input type="submit" name="search" value="Search the table...">
</form>
<table width="70%" cellpadding="5" cellspace="5">
<tr>
<td>ID</td>
<td>Name</td>
<td>Email</td>
<td>Packages</td>
<td><select name="Packages" class="fieldsize">
<option value="">select package</option>
<option value="budget" <?php if($valid_Packages=='budget') echo "selected='selected'";?>>Budget</option>
<option value="standard" <?php if($valid_Packages=='standard') echo "selected='selected'";?>>Standard</option>
<option value="super" <?php if($valid_Packages=='super') echo "selected='selected'";?>>Super</option>
<option value="mega" <?php if($valid_Packages=='mega') echo "selected='selected'";?>>Mega</option>
</select>
<span class="err"><?php echo $error["Packages"];?></span></td>
</tr>
<td>Contactno</td>
<td>Gender</td>
<td><input type="radio" name="gender" value="male" <?php if($valid_gender=='male') echo "checked='checked'";?> />
Male
<input type="radio" name="gender" value="female" <?php if($valid_gender=='female') echo "checked='checked'";?>/>
Female <span class="err"><?php echo $error["gender"];?></span></td>
<td>file</td>
<td><input type="file" name="file" value="upload" />
<span class="err"><?php echo $error["file"];?></span></td>
<td>Address</td>
</tr>
<?php while ($row = mysql_fetch_array($query)) { ?>
<td><?php echo $row['id']; ?> </td>
<td><?php echo $row['Name']; ?> </td>
<td><?php echo $row['Email']; ?> </td>
<td><?php echo $row['Packages']; ?> </td>
<td><?php echo $row['Contactno']; ?> </td>
<td><?php echo $row['Gender']; ?> </td>
<td><?php echo $row['file']; ?> </td>
<td><?php echo $row['Address']; ?> </td>
</tr>
<?php } ?>
</table>
此行中缺少一个$
和一个空格:
$sql .= "WHERE Name = '{search_term}'";
正确的行应如下所示:
$sql .= " WHERE Name = '{$search_term}' ";
您当前生成的SQL语句正是这样的:
SELECT * FROM tblreservationWHERE Name = '{search_term}'
此外,我建议检查if语句中是否存在$\u POST['search\u box']
,而不是$\u POST['search']
,并且在附加它之前,它实际上有一个值,因为这是您在查询中实际想要使用的:
if (isset($_POST['search_box']) && $_POST['search_box']) {
$search_term = mysql_real_escape_string($_POST['search_box']);
$sql .= " WHERE Name = '{$search_term}' ";
}
请尝试在单词“WHERE”-->“WHERE”之前添加一个空格。应该注意,mysql_*已被弃用,并且此代码容易受到注入攻击。mysql_ureal_uescape_ustring()
应能消除SQL注入攻击,除非库中存在任何未修复的错误,但我同意mysql_*()
已被弃用,此类错误可能无法修复。我建议OP将代码切换为使用或。紧靠$query=mysql\u query($sql)或die(mysql\u error())之前的$sql
的内容是什么?