-1
我有一個PHP SQL查詢,看起來像這樣:PHP SQL IN操作符與AND條件
$search = mysql_query("SELECT * FROM `data` WHERE (`state` IN ($userStr)) AND ('Scholarship Type' LIKE '%$stype%')")
$ userstr是獲得由一個複選框終端用戶選擇狀態的陣列。這部分工作正常,但是當我介紹獎學金類型的下一個條件時,它將不起作用。
這裏是全碼:
<html>
<head>
<link rel="stylesheet" type="text/css" href="results.css">
</head>
</html>
<?php
$state = $_POST['state'];
$stype = $_POST['stype'];
$connection = mysql_connect('198.71.225.63:3306', 'newmslsuper', 'blank'); //The Blank string is the password
mysql_select_db('msl_data');
if(isset($_POST['col'])){
$state1 = $_POST['col'];
}
$userStr = implode(',', $state1);
$search = mysql_query("SELECT * FROM `data` WHERE (`state` IN ($userStr)) AND ('Scholarship Type' LIKE '%$stype%')");
$count=mysql_num_rows($search);
if ($count==0) {
echo 'Sorry your search returned no results. Please try again.';
}
else {
$fields_num1 = mysql_num_fields($search);
echo "<table><tr>";
// printing table headers
for($i=0; $i<$fields_num1; $i++)
{
$field1 = mysql_fetch_field($search);
echo "<th>{$field1->name}</th>";
}
echo "</tr>\n";
// printing table rows
while($row1 = mysql_fetch_row($search))
{
echo "<tr>";
// $row is array... foreach(..) puts every element
// of $row1 to $cell1 variable
foreach($row1 as $cell1)
echo "<td>$cell1</td>";
echo "</tr>\n";
}
}
mysql_close(); //Make sure to close out the database connection
?>
'mysql_ *'功能棄用(和在PHP7移除),我建議使用PDO作爲替代方法(使用Google搜索提供了大量關於如何使用它的示例)。另外:你的代碼容易受到SQL注入的影響,要麼使用準備好的語句,要麼對用戶提供的數據進行適當的檢查(至少是逃脫)。 – ccKep
[您的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –
請[停止使用mysql_ * '函數](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php)。 [這些擴展](http://php.net/manual/en/migration70.removed-exts-sapis.php)已在PHP 7中刪除。瞭解[編寫](http://en.wikipedia.org/ wiki/Prepared_statement)語句[PDO](http://php.net/manual/en/pdo.prepared-statements.php)和[MySQLi](http://php.net/manual/en/mysqli.quickstart .prepared-statements.php)並考慮使用PDO,[這真的很簡單](http://jayblanchard.net/demystifying_php_pdo.html)。 –