Php 搜索数据库列时出现未知列“Where子句中的Bloomsbury”错误_Php_Mysql_Sql_Database

Php 搜索数据库列时出现未知列“Where子句中的Bloomsbury”错误

php mysql sql database

Php 搜索数据库列时出现未知列“Where子句中的Bloomsbury”错误,php,mysql,sql,database,Php,Mysql,Sql,Database,从下拉列表中选择后创建下拉列表的PHP代码 function getPublishers (){ $sql = "SELECT DISTINCT bookid, publisher FROM book GROUP BY publisher ORDER BY publisher ASC"; $rs = mysql_query($sql) or die(mysql_error()); $rows = mysql_fetch_assoc($rs); $tot

从下拉列表中选择后

创建下拉列表的PHP代码

function getPublishers (){

    $sql = "SELECT DISTINCT bookid, publisher FROM book GROUP BY publisher ORDER BY    
publisher ASC";
    $rs = mysql_query($sql) or die(mysql_error());
    $rows = mysql_fetch_assoc($rs);
    $tot_rows = mysql_num_rows($rs);
    if($tot_rows>0){
        echo "<select name=\"srch_publisher\" id=\"srch_publisher\">\n";
        echo "<option value=\"\">Any Publisher&hellip;</option>\n";
        do{
            echo "<option value=\"".$rows['bookid']."\"";
            getSticky(2, 'srch_publisher', $rows['bookid']);
            echo ">".$rows['publisher']."</option>";
        } while($rows = mysql_fetch_assoc($rs));
        echo "</select>";
    }
    mysql_free_result($rs);
}

基于选择执行查询的PHP代码

$sql =  "SELECT DISTINCT bk.title AS Title, bk.year AS Year, bk.publisher AS Publisher, aut.authorname AS Author 
         FROM book bk 

         JOIN book_category bk_cat 
         ON bk_cat.book_id = bk.bookid

         JOIN categories cat 
         ON cat.id = bk_cat.category_id

         JOIN books_authors bk_aut 
         ON bk_aut.book_id = bk.bookid

         JOIN authors aut
         ON aut.id = bk_aut.author_id";

if(isset($_GET['searchInput'])){
$input = $_GET['searchInput'];
$input = preg_replace('/[^A-Za-z0-9]/', '', $input);
}
if (isset($input)){

    $getters = array();
    $queries = array();

    foreach ($_GET as $key => $value) {
        $temp = is_array($value) ? $value : trim($value);
        if (!empty($temp)){
        if (!in_array($key, $getters)){
            $getters[$key] = $value;
            }
        }
    }

    if (!empty($getters)) {

        foreach($getters as $key => $value){
            ${$key} = $value;
            switch ($key) {
                case 'searchInput':
                    array_push($queries,"(bk.title LIKE '%$searchInput%' 
                    || bk.description LIKE '%$searchInput%' || bk.isbn LIKE '%$searchInput%' 
                    || bk.keywords LIKE '%$searchInput%' || aut.authorname LIKE '%$searchInput%')");
                break;
                case 'srch_publisher':
                    array_push($queries, "(bk.bookid = $srch_publisher)");
                break;
                case 'srch_author':
                    array_push($queries, "(bk_aut.author_id = $srch_author)");
                break;          
        }
    }
}

if(!empty($queries)){
    $sql .= " WHERE ";
    $i = 1;
    foreach ($queries as $query) {
        if($i < count($queries)){
            $sql .= $query." AND ";
        } else {
            $sql .= $query;
        }   
        $i++;
    }
}
$sql .= " GROUP BY bk.title  ORDER BY bk.title ASC";

}else{
    $sql .= " GROUP BY bk.title ORDER BY bk.title ASC";
}

当我与出版商Bloomsbury或任何其他出版商一起搜索书籍时，我会在Where子句中找到未知列“Bloomsbury”，即使我正在搜索出版商的列

array_push($queries, "(bk.bookid = $srch_publisher)"

应该是

array_push($queries, "(bk.bookid = '$srch_publisher')"

…如果要搜索字符串，需要在字符串周围加引号

但是-您不应该以这种方式引入参数，mysql_*函数已被弃用。请查看mysqli或PDO和参数绑定。

显示您发送到查询函数调用的实际查询。您可能容易受到SQL注入攻击和/或忘记引用某些内容，因此您的位置为publisher=Bloo姆斯伯里