发表新帖
发表新帖

PHP string variable in WHERE clause MySQL

后端 未结
关注
1 1110
我寻月下人不归
我寻月下人不归 2021-02-20 13:04

I am having a problem with this simple sql query:
相关标签:
1条回答
  • 攒了一身酷
    2021-02-20 13:13

    you getting no date because you have extra space betwee the quotes,

    $query_getShows = "SELECT * FROM toho_shows WHERE toho_shows.show =' ". $show. " '";
                                                                    ^ HERE      ^

    which will then be parsed into

    SELECT * FROM toho_shows WHERE toho_shows.show =' gothaf '

    remove it and it will work

    $query_getShows = "SELECT * FROM toho_shows WHERE toho_shows.show ='". $show. "'";

    As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

    • How to prevent SQL injection in PHP?
    0 讨论(0)
 看不清?
提交回复
热议问题