0

我有一系列将信息传递到新页面以运行 MySQL 查询的链接。这是源代码中的链接之一:

<a class="bloglink" href="parknews.php?tpf_news.park_id=5">

这是生成链接的代码:

<a class="bloglink" href="parknews.php?tpf_news.park_id=<?php echo $row2['park_id'];?>">
<?php echo $row2['name']; ?>
</a>

使用该信息的查询在这里:

$park_id = $_GET['tpf_news.park_id'];
$sql = 'SELECT headline, story, DATE_FORMAT(date, "%d-%M-%Y") AS date, name
FROM tpf_news
INNER JOIN tpf_parks ON tpf_news.park_id = tpf_parks.park_id WHERE tpf_news.park_id = $park_id ORDER BY date DESC' ;

这会导致显示此错误:

Error fetching news: SQLSTATE[42S22]: Column not found: 1054 Unknown column '$park_id' in 'where clause'

我无法弄清楚为什么它不起作用。如果在查询中我替换WHERE tpf_news.park_id = $park_idWHERE tpf_news.park_id = 6(或任何其他数字),它工作正常。

有任何想法吗?

4

2 回答 2

1

您的 SQL 用单引号括起来。这意味着变量不会像您想象的那样显示。使用双引号。

为了上帝的爱,我们准备了声明。

$sql = "SELECT headline, story, DATE_FORMAT(date, "%d-%M-%Y") AS date, name
FROM tpf_news
INNER JOIN tpf_parks ON tpf_news.park_id = tpf_parks.park_id WHERE tpf_news.park_id=$park_id ORDER BY date DESC" ;

$sql = 'SELECT headline, story, DATE_FORMAT(date, "%d-%M-%Y") AS date, name
FROM tpf_news
INNER JOIN tpf_parks ON tpf_news.park_id = tpf_parks.park_id WHERE tpf_news.park_id='.$park_id.' ORDER BY date DESC' ;
于 2013-05-08T22:49:54.353 回答
1

当您的字符串在引号中时,您的变量不会被插值。所以你需要使用双引号来代替:

$sql = "SELECT headline, story, DATE_FORMAT(date, '%d-%M-%Y') AS date, name
FROM tpf_news
INNER JOIN tpf_parks ON tpf_news.park_id = tpf_parks.park_id WHERE tpf_news.park_id = $park_id ORDER BY date DESC" ;

或使用串联:

$sql = 'SELECT headline, story, DATE_FORMAT(date, "%d-%M-%Y") AS date, name
FROM tpf_news
INNER JOIN tpf_parks ON tpf_news.park_id = tpf_parks.park_id WHERE tpf_news.park_id =' .  $park_id .' ORDER BY date DESC' ;

仅供参考,您也对SQL 注入持开放态度

于 2013-05-08T22:50:00.597 回答