我正在使用GET方法从url中检索值,然后使用if语句确定它们是否存在,然后针对数据库查询它们以仅显示与它们匹配的那些项,而您的请求出现未知错误。这是我的代码
$province = $_GET['province'];
$city = $_GET['city'];
if(isset($province) && isset($city) ) {
$results3 = mysql_query("SELECT *
FROM generalinfo
WHERE province = $province
AND city = $city ")
or die( "An unknown error occurred with your request");
} else {
$results3 = mysql_query("SELECT * FROM generalinfo");
} /*if statement ends*/
最佳答案
您需要在SQL中用单引号将字符串引起来:
"SELECT * FROM generalinfo WHERE province='$province' AND city='$city'"
请注意,以这种方式构造查询可能会使您面临SQL注入(inject)漏洞的风险。考虑改用mysql_real_escape_string。
"SELECT * FROM generalinfo WHERE province='" .
mysql_real_escape_string($province) . "' AND city='" .
mysql_real_escape_string($city) . "'"
关于php - mysql_query where语句,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/2845652/