php - SQL ERROR = 'Backpack' 中的未知列 'where clause' ...提示？

Question

我正在学习 PHP 和 mySQL 的入门类(class)。当我单击来自同一个数据库中信息较少的表中的链接时，我正在编写的这段代码试图从数据库中返回更多信息。出于某种原因，经过无休止的研究和测试，我无法让代码正常工作。如果有任何帮助或提示，我将不胜感激。

SQL:

#stops table from being duplicated
 DROP TABLE IF EXISTS stuff;
 #create table for stuff
 CREATE TABLE IF NOT EXISTS stuff (
  id INT primary key auto_increment, 
  location_id INT not null,
  name TEXT not null,
  description TEXT not null,
  create_date DATETIME not null,
  update_date DATETIME not null,
  room TEXT,
  owner TEXT,
  finder TEXT,
  status SET('found','lost','claimed') not null
);

INSERT INTO stuff (location_id, name, description, create_date, update_date, room, owner, finder, status)
    VALUES(2, "Cell phone", "Black iPhone 5s, scratches on screen with a black otterbox", now(), now(), "", "Zach Tsouprakos", "", 'Lost'),
    (16, "Backpack", "Black and blue Under Armour backpack, with keychain hanging off the front zipper", now(), now(), "Room 2023", "", "Casimer DeCusatis", 'Found'),
    (32, "Sunglasses", "Tortoise print Ray Ban sunglasses", now(), now(), "", "", "Rachel Ulicni", 'Found');

PHP:

    #Creates individual table for each hotlink(row) 
        while ( $row = mysqli_fetch_array( $results , MYSQLI_ASSOC ) )
        {
            $alink = '<A HREF=linkystuff.php?name=' . $row['name']. '>' . $row['name'] . '</A>' ;
            echo '<TR>' ;            
            echo '<TD>' . $row['id'] . '</TD>' ;
            echo '<TD>' . $row['create_date'] . '</TD>' ;
            echo '<TD>' . $row['status'] . '</TD>' ;
            echo '<TD ALIGN=right>' . $alink . '</TD>' ;
            echo '</TR>' ;
        }

        #End the table
        echo '</TABLE>';

        #Free up the results in memory
        mysqli_free_result( $results ) ;
    }
}

#Shows the records in presidents
function show_record($dbc, $name) {
    #Create a query to get the name and price sorted by price
    $query = 'SELECT id, location_id, name, description, create_date, update_date, room, owner, finder, status FROM stuff WHERE name = ' . $name ;

Answer 1

您需要在查询中引用 $name

$query = 'SELECT id, location_id, name, description, create_date, update_date, room, owner, finder, status' .
    ' FROM stuff' .
    ' WHERE name = "' . $name . '"';
//                 ^             ^

但是最好使用prepared statements来防止sql注入(inject)等

$query = 'SELECT id, location_id, name, description, create_date, update_date, room, owner, finder, status' .
    ' FROM stuff' .
    ' WHERE name = ?';
$stmt = $mysqli_link->query($query); // or: mysqli_query($link, $query);
$stmt->bind_param('s', $name);
$stmt->execute();
$row = $stmt->fetch_assoc();