我如何使用MySQL中两个不同字段中的两个变量进行搜索

时间:2011-02-05 18:05:13

标签: php sql mysql mysql-error-1064

这是我的代码 - 我无法使其工作:

<?php require_once('../Connections/User.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE grade SET GSCode=%s, GSem=%s, GYear=%s, Grade=%s WHERE GStudNo=%s",
                       GetSQLValueString($_POST['GSCode'], "text"),
                       GetSQLValueString($_POST['GSem'], "text"),
                       GetSQLValueString($_POST['GYear'], "text"),
                       GetSQLValueString($_POST['Grade'], "text"),
                       GetSQLValueString($_POST['GStudNo'], "text"));

  mysql_select_db($database_User, $User);
  $Result1 = mysql_query($updateSQL, $User) or die(mysql_error());
}

mysql_select_db($database_User, $User);
$query_Recordset1 = sprintf("SELECT * 
           FROM grade 
          WHERE GSCode = '%s' AND GStudNo = '%s'",
        mysql_real_escape_string($_POST['a']),
        mysql_real_escape_string($_POST['b']));

$Recordset1 = mysql_query($query_Recordset1, $User) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
$query_Recordset1 = "SELECT * FROM grade WHERE GSCode = '$_POST[a]' $$ GStudNo =  '$_POST[b]'";
$Recordset1 = mysql_query($query_Recordset1, $User) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="form1">
  <table align="center">
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GStudNo:</td>
      <td><?php echo $row_Recordset1['GStudNo']; ?></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GSCode:</td>
      <td><input type="text" name="GSCode" value="<?php echo htmlentities($row_Recordset1['GSCode'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GSem:</td>
      <td><input type="text" name="GSem" value="<?php echo htmlentities($row_Recordset1['GSem'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GYear:</td>
      <td><input type="text" name="GYear" value="<?php echo htmlentities($row_Recordset1['GYear'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Grade:</td>
      <td><input type="text" name="Grade" value="<?php echo htmlentities($row_Recordset1['Grade'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">&nbsp;</td>
      <td><input type="submit" value="Update record" /></td>
    </tr>
  </table>
  <input type="hidden" name="MM_update" value="form1" />
  <input type="hidden" name="GStudNo" value="<?php echo $row_Recordset1['GStudNo']; ?>" />
</form>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

4 个答案:

答案 0 :(得分:2)

SQL在条件中使用AND,而不是&&

答案 1 :(得分:1)

使用AND代替&amp;&amp;

使用sprintf来保护你的变量:

sprintf("SELECT * 
           FROM grade 
          WHERE GSCode = '%s' AND GStudNo = '%s'",
        mysql_real_escape_string($_POST['a']),
        mysql_real_escape_string($_POST['b']));

答案 2 :(得分:1)

使用而非&amp;&amp;。

mysql_query("select * from table where `one`='$_POST[one]' and `two`='$_POST[two]'") or die (mysql_error());

答案 3 :(得分:0)

我认为你的意思是

"SELECT * FROM grade WHERE GSCode = '{$_POST['a']}' and GStudNo = '{$_POST['b']}'"

不仅是'和',还包含了post值。或者你是否真的想要为文字文本寻找:'$ _POST [s]'?哪个仍然不会以您发布的方式工作,因为如果您不撤消它,PHP字符串解析器会尝试评估$_POST

相关问题
最新问题