php mysqli按变量搜索不起作用?

时间:2015-10-07 04:09:27

标签: php mysql mysqli

我正在尝试从数据库获取数据,但变量$ dept在查询中不起作用。 在result4正常工作时,查询result1,result2和result3没有返回任何结果。 变量$ dept也是正确的,因为当我打印它打印的值(计算机)但在查询中它不起作用。 请帮帮我

<?php
                if (isset($_POST['select_course'])) {
                    $dept = $_POST['department'];
                    $session = $_POST['session'];
                    $year = $_POST['year'];
                    $lab = $_POST['lab'];
                    $s_type = $_POST['s_type'];
                    $semester = $_POST['semester'];
                    $credit_h = $_POST['credit_h'];

                    $result1 = mysqli_query($con, "SELECT * FROM departments WHERE `name` = '$dept'");
                    $result2 = mysqli_query($con, "SELECT * FROM departments WHERE `name` = '".$dept."'");
                    $result3 = mysqli_query($con, "SELECT * FROM departments WHERE `name` =".mysqli_real_escape_string($dept));

                    $result4 = mysqli_query($con, "SELECT * FROM departments WHERE `name` = 'computer'");

                    while ($row = mysqli_fetch_array($result1)) {

                            echo $row['name'];
                      }                            
                }
                ?>

1 个答案:

答案 0 :(得分:0)

if (isset($_POST['select_course'])) {
    if ( !isset($_POST['department']) ) {
        trigger_error('missing POST parameter "department"', E_USER_ERROR);
    }
    $query = sprintf("SELECT * FROM departments WHERE `name`='%s'",  mysqli_real_escape_string($con, $_POST['department']));
    $result = mysqli_query($con, $query);
    if ( !$result ) {
        trigger_error('query failed', E_USER_ERROR);
    }
    else {
        while ( $row=mysqli_fetch_array($result) ) {
            echo $row['name'], "\r\n";
        }
    }
}

如果这不会产生任何结果,请尝试

if (isset($_POST['select_course'])) {
    if ( !isset($_POST['department']) ) {
        trigger_error('missing POST parameter "department"', E_USER_ERROR);
    }
    $query = sprintf("SELECT Count(*) FROM departments WHERE `name`='%s'",  mysqli_real_escape_string($con, $_POST['department']));
    $result = mysqli_query($con, $query);
    if ( !$result ) {
        trigger_error('query failed', E_USER_ERROR);
    }
    else {
        $row = mysqli_fetch_array($result);
        echo '# of matching records: ', $row[0], "\r\n";
    }
}

小型自足示例:

<?php
$con = new mysqli("localhost", "localonly", "localonly", "test");
if ($con->connect_errno) {
    trigger_error('connect failed', E_USER_ERROR);
}
$con->query('CREATE TEMPORARY TABLE soFoo (`name` VARCHAR(32))');
$con->query("INSERT INTO soFoo (`name`) VALUES ('depa'),('depb'),('depc')");
$_POST = ['select_course'=>'1', 'department'=>'depb']; // <- it's only an example

if (isset($_POST['select_course'])) {
    if ( !isset($_POST['department']) ) {
        trigger_error('missing POST parameter "department"', E_USER_ERROR);
    }
    $query = sprintf("SELECT * FROM soFoo WHERE `name`='%s'",  mysqli_real_escape_string($con, $_POST['department']));
    $result = mysqli_query($con, $query);
    if ( !$result ) {
        trigger_error('query failed', E_USER_ERROR);
    }
    else {
        while ( $row=mysqli_fetch_array($result) ) {
            echo $row['name'], "\r\n";
        }
    }
}
相关问题
最新问题