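This page has a variable (aucname2) passed to it, and it is then supposed to use it as the value in an SQL statement. But it keeps telling me that the value is being used as a column, and then of course tells me the column doesn't exist.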
<?php
// Value taken straight from the query string
$auc = $_GET['aucname2'];
$db_name = "auctionfinal";
$table_name = "auctions";
$connection = @mysql_connect("auctionfinal.db.6084638.hostedresource.com","xxxxx", "xxxxx") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
// $auc is interpolated here without quotes or escaping
$sql = "SELECT * FROM $table_name WHERE `aucname` = $auc";
$result = @mysql_query($sql, $connection) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
    while ($row = mysql_fetch_array($result)) {
        $aucname3 = $row['aucname'];
        $seller = $row['seller'];
        $price = $row['price'];
        $start = $row['start'];
        $end = $row['end'];
        $nbids = $row['nbids'];
        $category = $row['category'];
        $link = "pagename.php?aucname=$aucname";
        $display_block = "Auction Name - $aucname3
Seller - $seller
Price - $price
Start Date - $start </br>
End Date - $end
# bids - $nbids
Category - $category
<p> ------------------ </p>";
    }
    echo "$display_block";
}
?>
Answer 0: (score: 7)
Change this line:
$sql = "SELECT * FROM $table_name WHERE aucname = $auc";
to
$sql = "SELECT * FROM $table_name WHERE aucname = '$auc'";
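Since $auc is a string, it needs to be enclosed in quotes; otherwise MySQL will try to look up the value of that variable as a column name.
Also, you should probably use mysql_real_escape_string() on $auc first, otherwise you will be vulnerable to SQL injection attacks.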
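
The three ways of passing the value discussed above (unquoted, quoted, and safely handled), shown side by side as an added example that is not part of the original question or answer. It uses PDO bound parameters rather than the mysql_real_escape_string() call the answer names, and assumes an in-memory SQLite database standing in for the MySQL server, a reduced auctions table with constructed rows, and hypothetical helper names interpolated() and bound().

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL server (assumption),
// so the script runs offline; the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE auctions (aucname TEXT, seller TEXT, price REAL)");
$pdo->exec("INSERT INTO auctions VALUES ('lamp', 'alice', 12.5), ('Bob''s desk', 'bob', 80.0)");

// Run a query built by string interpolation; return the row count or the DB error.
function interpolated(PDO $pdo, string $sql): string
{
    try {
        return count($pdo->query($sql)->fetchAll()) . ' row(s)';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Run the same lookup with the value bound as a parameter, so it is always
// treated as data and never parsed as part of the SQL text.
function bound(PDO $pdo, string $auc): string
{
    $stmt = $pdo->prepare('SELECT * FROM auctions WHERE aucname = ?');
    $stmt->execute([$auc]);
    return count($stmt->fetchAll()) . ' row(s)';
}

// A plain value and a legitimate value that contains an apostrophe.
foreach (['lamp', "Bob's desk"] as $auc) {
    echo "value: $auc\n";
    echo '  unquoted: ', interpolated($pdo, "SELECT * FROM auctions WHERE aucname = $auc"), "\n";
    echo '  quoted:   ', interpolated($pdo, "SELECT * FROM auctions WHERE aucname = '$auc'"), "\n";
    echo '  bound:    ', bound($pdo, $auc), "\n";
}
```

For `lamp` the unquoted form fails with a missing-column error, as in the question, while the quoted and bound forms find the row. For the apostrophe value the quoted form breaks as well, and only the bound form returns the row.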