PHP: simple mysql_query with a WHERE clause fails


Here's my code:

<p>Select application status to view.</p>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <select name="type" style="width:100px;">
        <option name="New">New</option>
        <option name="Approved">Approved</option>
        <option name="Denied">Denied</option>
        <option name="In Training">In Training</option>
        <option name="Passed">Passed</option>
        <option name="Retrained">Retrained</option>
        <option name="Failed">Failed</option>
        <option name="Placed">Placed</option>
    </select>
    <input type="submit" value="Go" />
</form>

<?php if (!isset($_POST['type'])): 
    $newapps = mysql_query('SELECT aid, status, Day, Dte, Month, Year, email, Character_Name FROM applications WHERE status LIKE "New"'); ?>

    <table>
        <tr>
            <td><strong>ID</strong></td>
            <td><strong>Status</strong></td>
            <td><strong>Date Submitted</strong></td>
            <td><strong>E-mail</strong></td>
            <td><strong>Character Name</strong></td>
        </tr>
        <?php while ($newapp = mysql_fetch_array($newapps))
            {
            $aid = $newapp['aid'];
            $status = $newapp['status'];
            $day = $newapp['Day'];
            $date = $newapp['Dte'];
            $month = $newapp['Month'];
            $year = $newapp['Year'];
            $email = $newapp['email'];
            $name = $newapp['Character_Name'];
            echo "<tr><td>$aid</td><td>$status</td><td>$day, $month $date $year</td><td>$email</td><td>$name</td></tr>\n";
            }
        ?>
    </table>

<?php else: 
    $query1 = "SELECT aid, status, Day, Dte, Month, Year, email, Character_Name FROM applications WHERE status LIKE '{$_POST['type']}'";
    $result = mysql_query('$query1') or die(mysql_error()); 
?>

    <table>
        <tr>
            <td><strong>ID</strong></td>
            <td><strong>Status</strong></td>
            <td><strong>Date Submitted</strong></td>
            <td><strong>E-mail</strong></td>
            <td><strong>Character Name</strong></td>
        </tr>
        <?php while ($applist = mysql_fetch_array($result))
            {
            $aid = $applist['aid'];
            $status = $applist['status'];
            $day = $applist['Day'];
            $date = $applist['Dte'];
            $month = $applist['Month'];
            $year = $applist['Year'];
            $email = $applist['email'];
            $name = $applist['Character_Name'];
            echo "<tr><td>$aid</td><td>$status</td><td>$day, $month $date $year</td><td>$email</td><td>$name</td></tr>\n";
            }
        ?>
    </table>    

<?php endif; ?>


You are enclosing $query in single quotes, which causes it to be taken literally.

Use double quotes, or none at all:

mysql_query($query1)
Try mysql_query("{$query1}")


Use double quotes in the time it takes to open the page

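+13 answers... simple answer :)

Never put POST variables directly into an SQL query. I suggest you read up on sanitizing input: … If you use PDO objects, you get extra points:

You only need the curly braces if you are accessing an array element of an object property, i.e. "{$item[0]}". For a direct variable like this one, the braces are not needed.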
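
The comments above advise keeping the POST value out of the SQL string and point to PDO. The following is an added example, not code from the original thread, showing the status lookup with an allow-list and a bound parameter, plus HTML escaping on output. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the table is reduced to four columns, the sample rows are constructed, and the names STATUSES, applicationsByStatus() and e() are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database so the
// script runs offline; for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable emulation so binding happens server-side:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample rows (columns reduced from the question's table).
$pdo->exec('CREATE TABLE applications (aid INTEGER PRIMARY KEY, status TEXT, email TEXT, Character_Name TEXT)');
$seed = $pdo->prepare('INSERT INTO applications (status, email, Character_Name) VALUES (?, ?, ?)');
foreach ([
    ['New', 'a@example.test', 'Aldric'],
    ['Approved', 'b@example.test', '<b>Bryn</b>'],
    ['Denied', 'c@example.test', 'Corwin'],
] as $row) {
    $seed->execute($row);
}

// The statuses offered by the question's <select>.
const STATUSES = ['New', 'Approved', 'Denied', 'In Training', 'Passed', 'Retrained', 'Failed', 'Placed'];

// Hypothetical helper: returns rows for a status taken from untrusted input.
function applicationsByStatus(PDO $pdo, $type): array
{
    // Allow-list check: anything not in the form's options falls back to "New".
    $status = (is_string($type) && in_array($type, STATUSES, true)) ? $type : 'New';
    // The value is bound as a parameter and never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT aid, status, email, Character_Name FROM applications WHERE status = :status');
    $stmt->execute([':status' => $status]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape every database value before writing it into HTML.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a normal selection and a quote-breaking string.
foreach (['Approved', "x' OR '1'='1"] as $type) {
    foreach (applicationsByStatus($pdo, $type) as $app) {
        echo '<tr><td>' . e($app['aid']) . '</td><td>' . e($app['status']) . '</td><td>'
            . e($app['email']) . '</td><td>' . e($app['Character_Name']) . "</td></tr>\n";
    }
}
```

The second input is not one of the form's options, so it is replaced by "New" before the query runs, and the stored name containing markup is printed as escaped text.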