我想添加$query_bookname
和$query_author
之後$_GET['category']
我該怎麼做? (雙和單引號混淆了我很多)如何在mysql_query中添加變量
$query_bookname = "AND book_name LIKE '%".$_GET['book_name']."%' ";
$query_author = "AND author LIKE '%".$_GET['author']."%' ";
$result = mysql_query("
SELECT * FROM book
WHERE cate_name = '".$_GET['category']."' AND status = 1
");
除了SQL注入攻擊,我認爲你正在做正確的方式.. –