我有这个问题:
$result = mysql_query("select * FROM `agents_infos`
WHERE ( agent_name LIKE '%$name%' )");
$ name是:
$name =$_POST['name'];
我想得到结果,所有包含该名称的元素,但我什么都没得到。你能帮帮我吗?
答案 0 :(得分:0)
为了接收包含该名称的所有元素的列表,您可以写:
$name = $_POST['name'];
$result = mysql_query("SELECT * FROM `agents_infos` WHERE ( agent_name LIKE '%".$name."%' )");
避免代码注入我建议使用
$name = mysql_real_escape_string( $_POST['name'] );
而不是
$ name = $ _POST ['name'];
答案 1 :(得分:0)
首先,您需要清理输入:What's the best method for sanitizing user input with PHP? 那么你需要使用mysqli而不是mysql:http://php.net/manual/en/migration55.deprecated.php
然后你可以这样做:
$name = mysqli_real_escape_string($_POST['name']);
$query = "select * FROM `agents_infos` WHERE ( agent_name LIKE '%".$name."%' )";
$result = mysqli_query($query);