I hope someone can help me.
I have declared a variable:
<?php $sitename = "http://" .$_SERVER["SERVER_NAME"]; ?>
and want to use that variable in a MySQL query:
$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = "echo $sitename" AND g_page_url = '/index.asp'";
How do I do the "echo $sitename" part? Thanks.
Answer 0 (score: 3)
$sitename = "http://" .$_SERVER["SERVER_NAME"];
$sitename = mysql_real_escape_string($sitename);
$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = '" . $sitename . "' AND g_page_url = '/index.asp'";
Answer 1 (score: 1)
$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = '". mysql_real_escape_string($sitename) . "' AND g_page_url = '/index.asp'";
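Two things to take away from this:
You don't want to "echo" the variable into the SQL query; that doesn't make sense. You want to concatenate the variable with the rest of the string using the "." operator.
When inserting content into a database, you always want to sanitize your input. In this case, you want to escape your string to prevent SQL injections.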
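Added example (not code from any answer on this page): the same query written with bound parameters instead of string concatenation, so the value is never parsed as SQL and no escaping function is needed. It uses PDO with an in-memory SQLite database and constructed rows so that it runs stand-alone; the function names `open_demo_db` and `find_main_page`, the `title` column and the sample host names are assumptions.

```php
<?php
// Added example. sqlite::memory: stands in for the MySQL database so the
// script runs offline; against MySQL only the DSN passed to PDO changes.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed table and rows; the "title" column is hypothetical.
    $pdo->exec("CREATE TABLE g_page (g_page_site TEXT, g_page_url TEXT, title TEXT)");
    $pdo->exec("INSERT INTO g_page VALUES ('http://example.com', '/index.asp', 'Home')");
    $pdo->exec("INSERT INTO g_page VALUES ('http://other.example', '/index.asp', 'Other')");
    return $pdo;
}

function find_main_page(PDO $pdo, string $serverName): array
{
    $sitename = "http://" . $serverName;

    // Placeholders keep the SQL text fixed; the values travel separately
    // and are only ever compared as data.
    $stmt = $pdo->prepare(
        "SELECT * FROM g_page WHERE g_page_site = :site AND g_page_url = :url"
    );
    $stmt->execute([':site' => $sitename, ':url' => '/index.asp']);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_demo_db();

// SERVER_NAME is unset on the command line, so fall back to a sample host.
$serverName = $_SERVER["SERVER_NAME"] ?? "example.com";
$rows = find_main_page($pdo, $serverName);

// A constructed host value containing a quote character is matched
// literally against the column instead of ending the string literal.
$quoted = find_main_page($pdo, "o'brien.example");

printf("rows for %s: %d\n", $serverName, count($rows));
printf("rows for quoted host: %d\n", count($quoted));
```

Depending on the web server configuration, `$_SERVER["SERVER_NAME"]` can reflect the client-supplied Host header, which is why it is handled here as untrusted input.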
Answer 2 (score: 0)
$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = '".$sitename."' AND g_page_url = '/index.asp'";
Answer 3 (score: -1)
$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = $sitename AND g_page_url = '/index.asp'";