display_art.php
print"<td><a href='member.php?username=$username'>$username</td>";
member.php: 代码显示由一位用户完成的所有艺术风格。当试图 在“ where子句”中显示未知列“用户名”
$db = mysqli_connect("localhost", "root", "","Artworks" );
$results = mysqli_query($db, "select * from artwork where username =
{$_GET['username']}")or die(mysqli_error($db));
表格:
create table artwork(
artwork_id serial primary key,
username text,
title text,
category text,
description text,
tags text,
filename text
);
答案 0 :(得分:0)
请确保输入正确的区分大小写的匹配列名,并使用准备好的语句
$db = mysqli_connect("localhost", "root", "","Artworks" );
$stmt = mysqli_prepare($db, "select * from artwork where username = ?") or die(mysqli_error($db));
mysqli_stmt_bind_param($stmt, 's',$_GET['username']);
mysqli_stmt_execute($stmt);
这样,您应该避免引号和sqlinjection问题