SQL查询中的多个PHP变量
我很难理解PHP中的引号,主要是在执行SQL查询时。我不断收到一封信 此查询出错SQL查询中的多个PHP变量,php,sql,Php,Sql,我很难理解PHP中的引号,主要是在执行SQL查询时。我不断收到一封信 此查询出错 SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID INNER JOIN PriceBands ON Holidays.PriceBa
SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = ".$dest."AND Hotels.ID =".$hotel;
我试图在查询中使用两个PHP变量。任何帮助都将不胜感激 您的查询应该是
$query = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = '$dest' AND Hotels.ID = '$hotel'";
由于您使用的是ID,并且如果它是整数字段,则不需要在ID值周围加引号,您也可以这样做
$query = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = $dest AND Hotels.ID = $hotel";
更新:
您需要转义查询输入。您可以使用两种方法来保存用户输入。使用或使用:
使用mysqli\u real\u escape:
$dest = $mysqli->real_escape_string($dest);
$hotel = $mysqli->real_escape_string($hotel);
$stmt = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = '$dest' AND Hotels.ID = '$hotel'";
$stmt = $mysqli->prepare("SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = ? AND Hotels.ID = ?");
/* Bind parameters. Types: s = string, i = integer, d = double, b = blob */
$stmt->bind_param("ii", $dest, $hotel);
准备好的声明:
$dest = $mysqli->real_escape_string($dest);
$hotel = $mysqli->real_escape_string($hotel);
$stmt = "SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = '$dest' AND Hotels.ID = '$hotel'";
$stmt = $mysqli->prepare("SELECT Hotels.HotelImage1, Holidays.ID, Hotels.HotelName, Destinations.Name, PriceBands.PriceBand_Cost FROM Holidays
INNER JOIN Hotels ON Holidays.Hotel_ID = Hotels.ID
INNER JOIN PriceBands ON Holidays.PriceBand_ID = PriceBands.ID
INNER JOIN Destinations ON Destinations.ID = Holidays.Destination_ID
WHERE Destinations.ID = ? AND Hotels.ID = ?");
/* Bind parameters. Types: s = string, i = integer, d = double, b = blob */
$stmt->bind_param("ii", $dest, $hotel);
尝试将最后一个字符串更改为
WHERE Destinations.ID = '".$dest."' AND Hotels.ID ='".$hotel."'";
并始终显示sql错误。SQL(无论如何,大多数风格)要求字符串用单引号分隔,这是很有帮助的。您必须将其构建到查询中。另外,不要麻烦连接变量,因为PHP能够在字符串中查找变量。不要以这种方式构建SQL查询。使用事先准备好的语句。它的参数绑定避免了与数据类型、SQL注入攻击和任何安全性相关的问题
您遇到的错误是什么?您可能需要在
$dest之后添加一个空格。“
因此它与下面的和分开,但这只是一个猜测。使用PDO准备的语句可能会更安全。。你能用更多的代码更新这个问题吗?dest和hotel可能也需要引号。@user623952-可能,尽管他们都在寻找ID字段;我认为这是数字,但我已经做了很长时间了,从来没有把这类事情视为理所当然。这是一个大学作业,我们不需要深入。我们下学期再做