Fatal编程技术网
  • php/
  • 语法mysql/php错误

语法mysql/php错误

php mysql

语法mysql/php错误,php,mysql,Php,Mysql,我真不明白为什么这句话是错的 $uname=$_POST['username']; $pass=$_POST['pass']; $str="select * from account where username='".$uname."' and password='".$pass."'"; echo $str; echo "\n"; $str=mysql_real_escape_string($str); $result=mysql_query($str) or die("Error: ".

我真不明白为什么这句话是错的

$uname=$_POST['username'];
$pass=$_POST['pass'];
$str="select * from account where username='".$uname."' and password='".$pass."'";
echo $str;
echo "\n";
$str=mysql_real_escape_string($str);
$result=mysql_query($str) or die("Error: ". mysql_error(). " with query ". $str);
$num=mysql_num_rows($result);
它告诉我:

select * from account where username='negin'and password='parsa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'negin\'and password=\'parsa\'' at line 1 with query select * from account where username=\'negin\'and password=\'parsa\'
对参数使用
mysql\u real\u escape\u string()
,对整个查询使用no。您正在转义单引号,因此查询出错。

对参数使用
mysql\u real\u escape\u string()
,对整个查询不使用。您正在转义单引号,因此查询出错。

以这种方式使用

$uname=mysql_real_escape_string($_POST['username']);
$pass=mysql_real_escape_string($_POST['pass']);
$str="select * from account where username='".$uname."' and password='".$pass."'";

$result=mysql_query($str) or die("Error: ". mysql_error(). " with query ". $str);
$num=mysql_num_rows($result);
以这种方式使用

$uname=mysql_real_escape_string($_POST['username']);
$pass=mysql_real_escape_string($_POST['pass']);
$str="select * from account where username='".$uname."' and password='".$pass."'";

$result=mysql_query($str) or die("Error: ". mysql_error(). " with query ". $str);
$num=mysql_num_rows($result);
我也有这样运行它的问题,问题出在
mysql\u real\u escape\u string()
部分

//Change
$str="select * from account where username='".$uname."' and password='".$pass."'";

//To
$str="select * from account where username='".mysql_real_escape_string($uname)."' and password='".mysql_real_escape_string($pass)."'";
我也有这样运行它的问题,问题出在
mysql\u real\u escape\u string()
部分

//Change
$str="select * from account where username='".$uname."' and password='".$pass."'";

//To
$str="select * from account where username='".mysql_real_escape_string($uname)."' and password='".mysql_real_escape_string($pass)."'";
由于您在整个$str上使用的是
mysql\u real\u escape\u string()
。它还将转义您为插入变量而手动添加的单引号,。从而导致错误

这样试试

$uname=$_POST['username'];
$pass=$_POST['pass'];

$uname = mysql_real_escape_string($uname);
$pass = mysql_real_escape_string($pass);

$str="select * from account where username='".$uname."' and password='".$pass."'";
echo $str;
echo "\n";
//$str=mysql_real_escape_string($str);
$result=mysql_query($str) or die("Error: ". mysql_error(). " with query ". $str);
$num=mysql_num_rows($result);
由于您在整个$str上使用的是
mysql\u real\u escape\u string()
。它还将转义您为插入变量而手动添加的单引号,。从而导致错误

这样试试

$uname=$_POST['username'];
$pass=$_POST['pass'];

$uname = mysql_real_escape_string($uname);
$pass = mysql_real_escape_string($pass);

$str="select * from account where username='".$uname."' and password='".$pass."'";
echo $str;
echo "\n";
//$str=mysql_real_escape_string($str);
$result=mysql_query($str) or die("Error: ". mysql_error(). " with query ". $str);
$num=mysql_num_rows($result);
mysql_*函数去年是如此……PDO PDO
ext/mysql
被正式弃用。请使用mysqli或PDO,也请使用准备好的语句和占位符。mysql_*函数去年也是如此……PDO PDO PDO
ext/mysql
被正式弃用。请使用mysqli或PDO,也请使用准备好的语句和占位符。