0

所以,我在 TAFE 创建一个网站(来自模板和给定的链接/数据库),所以我不能编辑我的数据库。任何人,当我加载我的页面时,我收到关于“@”符号附近任何内容的语法错误:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@com.au' at line 1

我的代码是:

mysql_select_db($database_sim6a2010, $sim6a2010);
$query_Recordset1 = "SELECT * FROM employeeproject WHERE projectID=" . $_GET['projectID'];
$Recordset1 = mysql_query($query_Recordset1, $sim6a2010) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

mysql_select_db($database_sim6a2010, $sim6a2010);
$query_Recordset2 = "SELECT * FROM project WHERE projectID=" . $_GET['projectID'];
$Recordset2 = mysql_query($query_Recordset2, $sim6a2010) or die(mysql_error());
$row_Recordset2 = mysql_fetch_assoc($Recordset2);
$totalRows_Recordset2 = mysql_num_rows($Recordset2);

mysql_select_db($database_sim6a2010, $sim6a2010);
$query_Recordset3 = "SELECT employee.name, employeeproject.hours, employee.imgLocation FROM employee, employeeproject WHERE email=" . $row_Recordset1["email"];
$Recordset3 = mysql_query($query_Recordset3, $sim6a2010) or die(mysql_error());
$row_Recordset3 = mysql_fetch_assoc($Recordset3);
$totalRows_Recordset3 = mysql_num_rows($Recordset3);

我要在这里指出,我不喜欢使用 mysql,我在这个论坛上被告知不要使用它(我不会),但这是我们正在使用并且必须使用的。除了我不喜欢 Dreamweaver 巨大的“在您的页面上查克无意义的代码”之外,我们被告知我们必须使用 Dreamweaver 的记录集和 GUI 的东西。

任何人,所以得到错误的部分是:

$query_Recordset3 = "SELECT employee.name, employeeproject.hours, employee.imgLocation FROM employee, employeeproject WHERE email=" . $row_Recordset1["email"];

正如您所怀疑的那样,它的电子邮件部分充满了诸如“Sam@com”之类的东西,这会导致错误,我如何让 PHP 知道数据库中的 @sybmols 不是代码?

希望我已经提供了足够的信息。我决定问,因为任何涉及 at 符号 (@) 的搜索总是想出将其用作代码。

4

3 回答 3

1

您需要将字符串数据放在单引号中,如下所示:

$query_Recordset3 = "SELECT employee.name, employeeproject.hours, employee.imgLocation FROM employee, employeeproject WHERE email='" . $row_Recordset1["email"] . "'";
于 2012-11-22T04:05:18.670 回答
1

您需要添加引号,$row_Recordset1["email"]因为它是一个字符串

$query_Recordset3 = "SELECT employee.name, employeeproject.hours, employee.imgLocation FROM employee, employeeproject WHERE email='" . $row_Recordset1["email"]."'";

笔记:

不要使用 mysql_* 函数。很快就会被弃用。使用 PDO 或 mysqli 函数。

还要注意SQL Injection你的代码看起来很脆弱。

于 2012-11-22T04:07:01.260 回答
0

问题 #1 由@G-Nuggetand @Muthu Kumaran-email用单引号解决''

$query_Recordset3 = "SELECT employee.name, employeeproject.hours, employee.imgLocation FROM employee, employeeproject WHERE email='" . $row_Recordset1["email"] . "'";

问题 #2 - “where 子句中的列‘电子邮件’不明确”。employee您正在从 2 个表&中提取字段employeeproject,但未指定email.

$query_Recordset3 = "SELECT employee.name, employeeproject.hours, employee.imgLocation FROM employee, employeeproject WHERE employee.email='" . $row_Recordset1["email"] . "'";

尽管执行此查询的更好方法是使用JOIN

$query_Recordset3 = "SELECT employee.name, employeeproject.hours, employee.imgLocation FROM employee LEFT JOIN employeeproject ON employee.name=employeeproject.name  WHERE employee.email='" . $row_Recordset1["email"] . "'";
于 2012-11-22T04:31:19.110 回答