每当我访问该页面时,我都会收到:您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,了解在第 1 行 '' 附近使用的正确语法
它与第二个 while 循环有关
<html>
<body>
<?php
mysql_connect("mysql.1freehosting.com", "u533288591_sdc", "mypass") or die(mysql_error());
mysql_select_db("u533288591_sdc");
$name = $_POST['name'];
$probably_needed = "questions";
$grade = $_POST['class'] ;
$answers ="answers" ;
$query = mysql_query("SELECT * FROM $probably_needed ") or die(mysql_error());
$otherquery = mysql_query("select * from $ANSWERS ") or die (mysql_error()) ;
while($row = mysql_fetch_array($query)){
echo "<a href=\"answer.php?name=" . $name . "&subject=" . $row['Subject'] . "&grade=" . $grade . "\">" . $row['Subject'] ."</a>" ;
while($answerrow = mysql_fetch_array($otherquery)){
if ($answerrow['name'] == $name){
if ($answerrow['subject'] == $row['Subject']){
echo "success" ;
}
}
}
}
?>
</body>
</html>
最佳答案
A.在 php 中 $answers
不是 $ANSWERS
Variables in PHP are represented by a dollar sign followed by the name of the variable. The variable name is case-sensitive.
尝试
$answers ="answers" ;
mysqli_query($link,sprintf("Select * from %s",$answers));
B. 来自 mysql_query
Suggested alternative Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
您应该升级到mysqli
或PDO
C. 由于代码中存在 XSS 注入(inject)缺陷,您应该使用 filter_var
我认为你的代码应该是什么样子
$mysqli = new mysqli("mysql.1freehosting.com", "u533288591_sdc", "mypass", "u533288591_sdc");
$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$grade = filter_var($_POST['class'],FILTER_SANITIZE_STRING);
$tableQuestion = "questions"; // not sure where this would come from
$tableAnswer = "answers";
$resultQuestion = $mysqli->query(sprintf("SELECT * FROM `%s`", $tableQuestion));
$resultAnswer = $mysqli->query(sprintf("SELECT * FROM `%s`", $tableAnswer));
$template = "<a href=\"answer.php?name=%s&subject=%s&grade=%s\">%s</a>";
while ( $rowQuestion = $resultQuestion->fetch_assoc() ) {
printf($resultAnswer, $name, $rowQuestion['Subject'], $grade, $rowQuestion['Subject']);
while ( $rowAnswer = $resultAnswer->fetch_assoc() ) {
if ($rowAnswer['name'] == $name && $rowAnswer['subject'] == $rowQuestion['Subject']) {
echo "success";
}
}
}
关于php - MySql 查询错误是什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12662548/