$ id = $ _GET ['id'];
$getfile = $db->query('select * from file where id = '.$id, database::GET_ROW);
$folq = $db->query("select id as pid,folder,name as catname,name,thumb,pathc from category where id = ".$parentid, database::GET_ROW);
当我使用mysql_real_escape_string()时,它会在我的网站上收到错误消息
错误:您的SQL语法出错;检查与MySQL服务器版本对应的手册,以便在'第1行
附近使用正确的语法答案 0 :(得分:-1)
在运行数据库查询之前,在输入上执行mysql_real_escape_string:
$id = mysql_real_escape_string($id);
$parentid = mysql_real_escape_string($parentid);
$getfile = $db->query('select * from file where id = '.$id, database::GET_ROW);
$folq = $db->query("select id as pid,folder,name as catname,name,thumb,pathc from category where id = ".$parentid, database::GET_ROW);