Php 查询为空,为什么?
这是我的密码:Php 查询为空,为什么?,php,mysql,sql,Php,Mysql,Sql,这是我的密码: <?php $_SETTINGS = $GLOBALS["_SETTINGS"]; $trigger = $_SETTINGS->fields->trigger->value; echo $trigger . " = " . $_GET[$trigger] . "</br>"; $townQry = "SELECT * FROM towns WHERE id = '" . $_GET[$trigger] . "'
<?php
$_SETTINGS = $GLOBALS["_SETTINGS"];
$trigger = $_SETTINGS->fields->trigger->value;
echo $trigger . " = " . $_GET[$trigger] . "</br>";
$townQry = "SELECT * FROM towns WHERE id = '" . $_GET[$trigger] . "'";
echo $townQry . "</br>";
$result = mysql_query($cityQry) or die('Could not retreive towns: ' . mysql_error());
while ($town = mysql_fetch_assoc($result)) {
echo $town["town_name"];
}
?>
SQL不是有效的吗 您在查询中使用了
$cityQry
,但查询位于$townQry
中
$result = mysql_query($townQry) or die('Could not retreive towns: ' . mysql_error());
附加的
您的查询对sql注入非常开放,我建议您使用Google预置语句。您正在调用该查询:
mysql_query($cityQry)
但是您的查询变量名为$townQuery
$result = mysql_query($townQry) or die('Could not retreive towns: ' . mysql_error());
应该是:
mysql_query($townQuery)
您是否成功连接到数据库?您的变量是
$townQry
,而不是$cityQry
。您必须至少在$\u GET[$trigger]
上调用mysql\u real\u escape\u string()。这对SQL注入是完全开放的。是的,所有这些都发生在其他地方。明白了,迈克。请创建一个答案,请考虑使用支持准备好的语句的API。