我有一个表单..想要显示来自mysql table..problem的数据是SQL查询语句没有显示数据..任何想法?我认为错误可能是由于SQL查询行中的AND语句而导致的错误?
<form method="get" action="submit.php">
Number of Bedrooms: <select name="bedrooms">
<option selected value='#'>--Choose Number of Bedrooms--</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
Number of Occupants: <select name="sleeps_min">
<option selected value='#'>--Choose Number of Bedrooms--</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
Availability: <select name="availability">
<option selected value='#'>--Select Availability Period--</option>
<option value="All year round">All Year Round</option>
<option value="New Year Availability Only">New Year</option>
</select>
<input type="submit" value="submit" />
</form>
-
require 'defaults.php';
require 'database.php';
/* get properties from database */
$property = $_GET['bedrooms'] ;
$sleeps_min = $_GET['sleeps_min'] ;
$availability = $_GET['availability'] ;
$query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'";
$row=mysql_query($query);
$result = do_query("SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min = '{$sleeps_min}' AND availability = '{$availability}'", $db_connection);
while ($row = mysql_fetch_assoc($result))
{
$r[] = $row;
}
?>
答案 0 :(得分:2)
您在where子句中缺少逻辑运算符(例如AND):
$query = "SELECT * FROM `properties` WHERE bedrooms = '{$bedrooms}' sleeps_min =
^----here
并且您的查询容易受到SQL注入攻击。至少你应该通过mysql_real_escape_string
传递$ _GET变量如果您的代码中甚至出现了错误处理错误,那么您会看到语法错误:
$result = mysql_query($query) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^
从不假设查询成功。即使SQL语法本身是完美的(你的不是这样),查询也可能有其他原因导致无法检查失败。