您的SQL语法有错误;查看与MySQL服务器版本对应的手册~~

时间:2014-04-28 05:20:49

标签: php sql

我的搜索引擎存在问题。我可以搜索但是当点击链接时会出现“您的SQL语法中有错误;请查看与您的MySQL服务器版本对应的手册,以便在第1行的'Pacina'附近使用正确的语法”...我不知道如何解决它。你的回答可能对我有很大的帮助.. :)

这是我的代码:

<?php
    mysql_connect("localhost","root","");
    mysql_select_db("infokiosk");

    $name=$_GET['name'];
    $sql = mysql_query("select * from  basicinfo WHERE name=$name") or die(mysql_error());

While($row = mysql_fetch_array($sql)) {

$id= $_GET['id'];
$name=$_GET['name'];
$description=$_GET['description'];

{
?>
  <tr>
<td><?php echo $name; ?></td><?php echo $description; ?>
</tr>




    </div>
<?php }} ?>

<br>
<?php
 $sql = mysql_query("select * from  staffreg WHERE name LIKE '%$search%' or description LIKE '%$search%' or keyword LIKE '%$search%'") or die(mysql_error());

While($row = mysql_fetch_array($sql)) {

$id= $row['id'];
$name=$row['name'];
$description=$row['description'];
{
?>






<tr>
<td><?php echo $name; ?></td>
<?php echo $description; ?>
<?php echo $status; ?>
</tr>





    </div>
<?php }}?>

<?php
 $sql = mysql_query("select * from  search WHERE name LIKE '%$search%' or description LIKE '%$search%' ") or die(mysql_error());

While($row = mysql_fetch_array($sql)) {

$id= $row['id'];
$name=$row['name'];
$description=$row['description'];
$content=$row['content'];

{
?>






<tr>
<td><?php echo $name; ?><br> <?php echo $content ?></td>

</tr>




    </div>
<?php }}?>

我不知道什么/哪里是问题.. :( 在此先感谢.. :)

3 个答案:

答案 0 :(得分:3)

string应该用查询中的单引号包围,

"SELECT * FROM  basicinfo WHERE `name`='".$name."'";

Waring: Please, don't use mysql_* functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDOMySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial

答案 1 :(得分:0)

对于您的SELECT语句,您需要生成$ sql,如

 $sql = mysql_query("select * from  search WHERE name LIKE '%".$search."%' or description LIKE '%".$search%"."'") or die(mysql_error());

和你的另一个选择陈述

$sql = mysql_query("select * from  basicinfo WHERE `name`='$name'") or die(mysql_error());

mysql_*)扩展程序自PHP 5.5.0起已弃用,将来会被删除。相反,应使用MySQLiPDO_MySQL扩展名的准备好的语句来抵御SQL注入攻击!

答案 2 :(得分:0)

服务器版本:5.5.32 - MySQL社区服务器(GPL)

**$sql = mysql_query("select * from  staffreg WHERE name LIKE '%".$search."%' or description LIKE '%".$search."%' or keyword LIKE '%".$search."%'") or die(mysql_error());**

**$sql = mysql_query("select * from  search WHERE name LIKE '%".$search."%' or description LIKE '%".$search."%' ") or die(mysql_error());**

USE Mysql最新版本安装你的系统以及打印浏览器后应该写的所有查询。并运行sql(PHPMYADMIN)。获得结果..

相关问题
最新问题