发表新帖
发表新帖

mySQL query multiple - returns error mysql_fetch_array

前端 未结
关注
3 1739
渐次进展
渐次进展 2021-01-28 10:34

I have 2 database tables (for a booking system) with the following structures:

quartos:

  • id_quarto.
  • tipo_quarto
3条回答
  • 抹茶落季
    抹茶落季 (楼主)
    2021-01-28 11:27

    You forget about mysql_query, change:

    // Select database
mysql_select_db("teste") or die(mysql_error());

// Get data from the database

$strSQL = "SELECT id_quarto,tipo_quarto,vista_quarto FROM quartos,reservas WHERE quartos.id_quarto!=reservas.id_quarto AND quartos.tipo_quarto='". $_POST['tipo_quarto'] ."' AND quartos.vista_quarto='". $_POST['vista_quarto'] ."'";

// Loop the recordset $rs
// Each row will be made into an array ($row) using mysql_fetch_array
while($row = mysql_fetch_array($rs)) {

    to:

    // Select database
mysql_select_db("teste") or die(mysql_error());

// Get data from the database

$strSQL = "SELECT q.id_quarto, q.tipo_quarto, q.vista_quarto ".
          " FROM quartos q, reservas r".
          " WHERE q.id_quarto != r.id_quarto ".
          " AND q.tipo_quarto = '". mysql_real_escape_string($_POST['tipo_quarto']) ."' ".
          " AND q.vista_quarto = '". mysql_real_escape_string($_POST['vista_quarto']) ."'";

$rs = mysql_query($strSQL);

// Loop the recordset $rs
// Each row will be made into an array ($row) using mysql_fetch_array
while($row = mysql_fetch_array($rs)) {

    Added: Prevent SQL injection using mysql_real_escape_string on each parameter from user.

    0 讨论(0)
 看不清?
提交回复
热议问题