我一直在处理一些代码,其中包含一个要求您输入客户ID的表单,一旦提交表单,表单后面的PHP将访问数据库并显示有关ID的信息表。输入
然而,我的PHP似乎没有工作,当我输入一个ID并点击提交时,我收到此错误消息“您的SQL语法有错误;请查看与您的MySQL服务器版本对应的手册在'='987451''第1行附近使用的语法
这是我的HTML:
<body>
<h1>Task 8</h1>
<form id="customerform" action="task8.php" method="get">
<p>please fill in the following form</p>
<p>Customer ID: <input type="text" name="custID" /><br/>
<p><input type="submit" value="Submit">
<input type="reset" value="Reset"></p>
</form>
</body>
这是我的PHP:
<body>
<?php
$conn = mysql_connect("localhost", "twa312", "dam6av9a");
mysql_select_db("warehouse312", $conn)
or die ('Database not found ' . mysql_error() );
$cust = $_GET["custID"];
$sql = "select * from orders";
$sql = $sql . "where customerID = '$cust'";
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
?>
<p>information for customer ID <?php echo $cust ?> :</p>
<?php if (mysql_num_rows($rs)>0){ ?>
<table width="700" border="1" cellpadding="10" summary="Customer Details">
<tr>
<th>Order Number</th>
<th>Order Date</th>
<th>Shipping Date</th>
</tr>
<?php while ($row = mysql_fetch_array($rs)) { ?>
<tr>
<td><?php echo $row["orderNumber"]?></td>
<td><?php echo $row["orderDate"]?></td>
<td><?php echo $row["shippingDate"]?></td>
</tr>
<?php } mysql_close($conn); ?>
</table>
<?php }
else {?> <p>No customer with ID <?php echo $cust ?> in the database</p>
<?php } ?>
</body>
如果您需要更多信息,请提出任何帮助,我们将非常感激!
答案 0 :(得分:4)
您的桌名名称与WHERE之间缺少空格:
$sql = "select * from orders";
$sql = $sql . "where customerID = '$cust'";
应该是
$sql = "select * from orders";
$sql = $sql . " where customerID = '$cust'";
或只是
$sql = "select * from orders where customerID = '$cust'";
Please, don't use mysql_* functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。
此外,您对SQL injections
持开放态度