意外的'$ name'(T_VARIABLE)

时间:2018-01-09 19:48:31

标签: php mysql mysqli phpmyadmin

我正在尝试创建代码,所以当用户向其他用户发送朋友请求时,它会进入数据库但我收到此错误 :

  

解析错误:语法错误,意外'$ username'(T_VARIABLE)

这是我的代码:

$searchq = $_POST['searchh'];
$searchq = preg_replace("#[^0-9a-z]#i", "",$searchq);

$searchq = mysqli_real_escape_string($conn, $_POST['searchh']);
$query = mysqli_query($conn ,"SELECT * FROM users WHERE username LIKE '%$searchq%'") or die("Could not search");    
$count = mysqli_num_rows($query);

 if($count == 0){

   echo "User does not exists";

 } else {

    while($row = mysqli_fetch_array($query)) {
        $username = $row['username'];
        $id = $row['id'];
        $output .= '<a href= "request.php?id='.$row['id'].'">' $username  '</a>';
    }

   }

1 个答案:

答案 0 :(得分:3)

因为您没有像我一样正确连接以下代码行:

$output .= '<a href= "request.php?id='.$row['id'].'">' . $username .  '</a>';

注意

Little Bobby your script is at risk for SQL Injection Attacks. 了解preparedMySQLi语句。即使escaping the string也不安全!

相关问题
最新问题