Question

这种语法有什么问题？

select * from registered_members where username = '$username' AND LIKE '%LOL%'

Answer 1

您没有指定要与LIKE进行比较的列。

"select * from registered_members where username = '" . mysql_real_escape_string($username) . "' and username like '%LOL%'"

此外，您需要保护自己免受SQL注入......您应该使用参数化查询。

Answer 2

除了将列名添加到搜索之外，您还应该转义$username变量以防止SQL注入：请参阅bobby-tables.com。否则，当您编写它时，人们可以在您的页面中执行任意SQL代码。

Answer 3

你需要一个名称在＆＃34; AND＆＃34;之间。＆安培; ＆＃34; LIKE＆＃34;

即

    SELECT * FROM Registered_Members WHERE UserName = '$username' AND UserName LIKE '%LOL%'

Answer 4

select * from registered_members where username = '$username' AND username LIKE '%LOL%'