这是我的users表:
uid (main) | username | password
1 | DJDavid98 | "(actual password removed)"
2 | Dummy | "(another password removed)"
我的MySQL查询如下:
SELECT * FROM `users` WHERE username = "DJDavid98"
我的php代码如下所示:
$con=@mysqli_connect("localhost","root","root","database");
$sql='SELECT * FROM `users` WHERE username = "DJDavid98"';
mysqli_prepare($con, $sql);
mysqli_query($con, $sql);
mysqli_close($con);
如果我在phpMyAdmin中运行此代码,那么它会成功返回第一行,但是如果我从我的php页面运行它,我会收到以下错误:
Fatal error: Problem preparing query (SELECT * FROM `users` WHERE username = "DJDavid98") You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"DJDavid98"'
我没有得到什么区别......
答案 0 :(得分:0)
使用单引号作为用户名字符串。改变这个: -
$sql="SELECT * FROM `users` WHERE username = "DJDavid98"";
到
$sql="SELECT * FROM `users` WHERE username = 'DJDavid98' ";
答案 1 :(得分:0)
我不确定但请尝试单引号
SELECT * FROM `users` WHERE username = 'DJDavid98'
答案 2 :(得分:0)
你应该对变量使用prepare而不是整个字符串。 MySQL正在将它们转移到更安全的替代方案',当浏览器看起来像'时。{/ p>
查找MySQL Prepare并查看示例部分,了解其应该如何使用
使你的代码工作,你可以删除准备,或使准备只适用于变量部分(在这种情况下没有附加变量?)