Php 如何在mysqli中运行select查询
我需要显示特定的记录,记录存在于数据库中,但它没有显示任何内容。这是我的密码Php 如何在mysqli中运行select查询,php,mysqli,Php,Mysqli,我需要显示特定的记录,记录存在于数据库中,但它没有显示任何内容。这是我的密码 $con=mysqli_connect("localhost","root","","test") or die("Connecting to MySQL failed"); $name=$_POST['uname']; $query = "SELECT * FROM officedb WHERE name='.$name.'"; $data=mysqli_query($con,$query); wh
$con=mysqli_connect("localhost","root","","test") or die("Connecting to MySQL failed");
$name=$_POST['uname'];
$query = "SELECT * FROM officedb WHERE name='.$name.'";
$data=mysqli_query($con,$query);
while($row=mysqli_fetch_array($data)){
echo $row['name'];
echo $row['lname'];
echo $row['department'];
}
您将
$name$query = "SELECT * FROM officedb WHERE name='.$name.'";
$query = "SELECT * FROM officedb WHERE name = '$name'";
SELECT * FROM officedb WHERE name = '.test.'
您的查询如下所示:
$query = "SELECT * FROM officedb WHERE name = '$name'";
SELECT * FROM officedb WHERE name = '.test.'
SELECT * FROM officedb WHERE name = 'test'
$name=$_POST['uname']; /* NEVER TRUST user input. This value
could be very dangerous!!! */
$con=mysqli_connect("localhost","root","","test") or die("Connecting to MySQL failed");
$stmt = $con->prepare("SELECT * FROM `officedb` WHERE name = ?");
$stmt->bind_param('s', $name);
$stmt->execute();
$data = $stmt->get_result();
while($row=mysqli_fetch_array($data)){
// I assume these came from user input too. Do not trust when printing.
echo htmlspecialchars($row['name']);
echo htmlspecialchars($row['lname']);
echo htmlspecialchars($row['department']);
}
请考虑将此作为可接受的答案,这样新来者就不会碰到危险的代码。 <代码> ECHER$Que= =“从Office B中选择*,其中name=`.$Name”“”;代码>然后在php中运行查询myadminany error r u getting??user3113899-使用正确的方法处理mysql。您的代码容易受到SQL注入攻击。阅读并使用它们。你甚至不必这样做:`。。。name='$name'”,`用
name=“”就够了$试验'选择。。。。。。其中name='string'