SQL查询中的多个PHP变量
我很难理解PHP中的引号,主要是在执行SQL查询时。我不断收到一封信 此查询出错SQL查询中的多个PHP变量,php,sql,Php,Sql,我很难理解PHP中的引号,主要是在执行SQL查询时。我不断收到一封信 此查询出错 SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID INNER JOIN PriceBands ON Holidays.PriceBa
SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = ".$dest."AND Hotels.ID =".$hotel;
$query = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = '$dest' AND Hotels.ID = '$hotel'";
$query = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = $dest AND Hotels.ID = $hotel";
$dest = $mysqli->real_escape_string($dest);
$hotel = $mysqli->real_escape_string($hotel);
$stmt = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = '$dest' AND Hotels.ID = '$hotel'";
$stmt = $mysqli->prepare("SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = ? AND Hotels.ID = ?");
/* Bind parameters. Types: s = string, i = integer, d = double, b = blob */
$stmt->bind_param("ii", $dest, $hotel);
$dest = $mysqli->real_escape_string($dest);
$hotel = $mysqli->real_escape_string($hotel);
$stmt = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = '$dest' AND Hotels.ID = '$hotel'";
$stmt = $mysqli->prepare("SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = ? AND Hotels.ID = ?");
/* Bind parameters. Types: s = string, i = integer, d = double, b = blob */
$stmt->bind_param("ii", $dest, $hotel);
尝试将最后一个字符串更改为
WHERE Destinations.ID = '".$dest."' AND Hotels.ID ='".$hotel."'";
并始终显示sql错误。SQL(无论如何,大多数风格)要求字符串用单引号分隔,这是很有帮助的。您必须将其构建到查询中。另外,不要麻烦连接变量,因为PHP能够在字符串中查找变量。不要以这种方式构建SQL查询。使用事先准备好的语句。它的参数绑定避免了与数据类型、SQL注入攻击和任何安全性相关的问题
您遇到的错误是什么?您可能需要在
$dest之后添加一个空格。“