1

I am trying to get some information from my table, but the query returns empty when I call it this way:

$varchar_string = mysqli_real_escape_string($link, $_GET['code']); //the code is b5KlL4znM in this scenario

mysqli_query($link, "SELECT * FROM table WHERE code = $varchar_string");

The string is alphanumeric, and is submitted by users, so I've escaped it before doing the query.

Now if I do this query

mysqli_query($link, "SELECT * FROM table WHERE code = 'b5KlL4znM'");

It works fine, but that's not very dynamic.

I didn't get many results when I searched for this issue, and I didn't manage to find the answer amongst those that seem relevant.

4

2 回答 2

4

Do you perhaps need to put quotes around your string?

mysqli_query($link, "SELECT * FROM table WHERE code = '$varchar_string'");
于 2012-07-11T17:17:53.427 回答
3

You'll need to include the variable in quotations.

mysqli_query($link, "SELECT * FROM table WHERE code = '$varchar_string'");
于 2012-07-11T17:17:56.437 回答