試圖加載$位置到SQL查詢,但只是返回無效:PHP SQL變量
//query to Equipment
$Location= $_GET["id"];
$sql = mysqli_query($con,"SELECT * FROM `Equipment` WHERE `Location` = `".$Location."`");
$result = $sql;
if (!$result)
{
die('Invalid query: ' . mysqli_error());
}
while ($row = mysqli_fetch_array($result))
{
的$_GET['id']從另一個頁面調用。我仔細檢查了鏈接說ID
@戴夫·貝克嘗試類似如下:
<?php
$Location = isset($_GET["id"]) ? $_GET["id"] : 0;
if($Location){
$sql = mysqli_query($con,"SELECT * FROM Equipment WHERE Location = $Location"); //if location type is integer else use below one
$sql = mysqli_query($con,"SELECT * FROM Equipment WHERE Location = '$Location'"); //if location type is string
$result = $sql;
if (!$result)
{
die('Invalid query: ' . mysqli_error());
}
while ($row = mysqli_fetch_array($result))
{}
}
else{
echo "id is not set";
}
1.使用*引用*,而不是反引號,周圍的值(反引號是表/列名)。 2.使用*準備好的查詢*,現在您可以開放注入。 –
另一個建議;使用PDO,API是** **得多容易 – Phil
使用: $位置= mysql_real_escape_string($ _ GET [ 「身份證」]); – Ruben