如何在mysql查询中插入php变量?
我有以下声明:如何在mysql查询中插入php变量?,php,mysql,sql,Php,Mysql,Sql,我有以下声明: SELECT bname,cnum,vnum, MATCH(vtext) AGAINST (''".$word."'') as relevance FROM kjv WHERE MATCH(vtext) AGAINST (''".$word."'') AND bnum='".$book."' ORDER by relevance DESC, bnum, cnum, vnum LIMIT 0,1"); 它返回空行,但是如果我用硬编码的值替换变量,一切都会通过。我知道变量不是空
SELECT bname,cnum,vnum, MATCH(vtext) AGAINST (''".$word."'') as relevance FROM kjv WHERE MATCH(vtext) AGAINST (''".$word."'') AND bnum='".$book."' ORDER by relevance DESC, bnum, cnum, vnum LIMIT 0,1");
mysql_query("SELECT bname,cnum,vnum, MATCH(vtext) AGAINST($word) as relevance FROM kjv WHERE MATCH(vtext) AGAINST ($word) AND bnum='$book' ORDER by relevance DESC, bnum, cnum, vnum LIMIT 0,1");
最好多看看周围的代码,但我认为是双单引号导致了问题:
SELECT bname,cnum,vnum, MATCH(vtext) AGAINST ('".$word."') as relevance FROM kjv WHERE MATCH(vtext) AGAINST ('".$word."') AND bnum='".$book."' ORDER by relevance DESC, bnum, cnum, vnum LIMIT 0,1");
SELECT bname,cnum,vnum, MATCH(vtext) AGAINST ("$word") as relevance
FROM kjv WHERE MATCH(vtext) AGAINST ("$word") AND bnum= "$book"
ORDER by relevance DESC, bnum, cnum, vnum LIMIT 0,1");
嗨,如果您已经在变量中保存了值,请尝试此操作
SELECT bname,cnum,vnum, MATCH(vtext) AGAINST ('$word') as relevance FROM kjv WHERE MATCH(vtext) AGAINST ('$word') AND bnum='".$book."' ORDER by relevance DESC, bnum, cnum, vnum LIMIT 0,1");
无论您能否让它工作,这种将字符串直接连接到SQL命令中的方法都是非常不安全的。永远不要把输入当作代码,盲目地对数据库执行它。改为使用准备好的语句,将输入视为值而不是代码:这个答案解决了手头的问题,但没有解决更紧迫的问题(SQL注入、使用参数化查询的优势……),这个答案处理那些我将向上投票的问题:)因为明显的原因被向下投票。请使用参数化查询!