我有一个使用php变量的sql语句,但它们似乎不会通过GET从URL中提取。以下是我的变量:
$firstname = $_GET['firstname'];
$lastname = $_GET['lastname'];
$firstseason = $_GET['firstseason'];
然后我有我的网址:
np2pp2.php?firstname=t9&lastname=t9&firstseason=1900
当我的SQL语句运行时,我收到此错误:
Error: You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'SELECT playerID
FROM players WHERE firstname='' AND lastname='' AND firstseason=' at line 2
所以看起来它并没有拉动变量,但我不知道为什么。感谢任何帮助。谢谢。
编辑:我应该添加SQL查询:
$sql2="INSERT INTO playerRegSeason
(playerID, year, teamID, gp, minutes, pts, oreb, dreb, reb,
asts, stl, blk, turnover, pf, fga, fgm, fta, ftm, tpa, tpm)
SELECT playerID, $year, '$team', $gp, $minutes, $pts, $oreb,
$dreb, $reb, $asts, $stl, $blk, $turnover, $pf, $fga, $fgm,
$fta, $ftm, $tpa, $tpm FROM players WHERE firstname='$firstname'
AND lastname='$lastname' AND firstseason=$firstseason";
答案 0 :(得分:1)
在查询中包含变量时,总是放在大括号内,如:
select * from table where year = '{$year}'
看看是否有帮助
如果你没有代码,那么你的代码就更容易注入。
答案 1 :(得分:1)
首先,通过向上抛出if语句来仔细检查$ _GET变量是否填充:
if ($firstname != "" && $lastname != "" && $firstseason != "") {
// do SQL
} else {
// output error
}
如果显示错误,请尝试:
此外,您的SQL可能需要围绕'$ firstseason'的引号。
答案 2 :(得分:1)
试试这个:
$sql2="INSERT INTO playerRegSeason
(playerID, year, teamID, gp, minutes, pts, oreb, dreb, reb,
asts, stl, blk, turnover, pf, fga, fgm, fta, ftm, tpa, tpm)
SELECT playerID, year, team, gp, minutes, pts, oreb, dreb, reb,
asts, stl, blk, turnover, pf, fga, fgm, fta, ftm, tpa, tpm
FROM players WHERE firstname='".$firstname."'
AND lastname='".$lastname."' AND firstseason='".$firstseason."'";
如果select语句中的值是php变量,则需要使用''。
SELECT playerID, '".$year."', '".$team."', '".$gp."', '".$minutes."', '".$pts."'