我正在尝试仅基于POST的状态条目或州和城市条目提取结果,这使我发疯...
提前致谢!
$totnum=mysql_query("SELECT item_id,active from items WHERE state='$st' OR city+'$_POST[city]' AND state='$st' AND active='1'");
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);
预期结果:
州=佛罗里达
要么
省=佛罗里达市=代托纳比奇
最佳答案
首先,您可以显示SQL吗?
$sql = "SELECT item_id,active from items WHERE state='$st' OR city+'$_POST[city]' AND state='$st' AND active='1'";
echo $sql; //Let's see
$totnum=mysql_query($sql);
$totalnumber=mysql_num_rows($totnum);
$totrow=mysql_fetch_array($totnum);
然后...尝试在“ phpMyAdmin”上运行它以进行测试...
2-您的SQL非常危险,请尝试阅读有关"SQL Injection"的信息,并将查询更改为Prepared Statements