This question already has an answer here:
这个问题在这里已有答案:
- When to use single quotes, double quotes, and backticks in MySQL 12 answers
何时在MySQL 12中使用单引号,双引号和反引号
$sql="SELECT * FROM Users WHERE '$searchType' = '$search'";
searchType is the column and search is what I want to search for.
searchType是列,搜索是我要搜索的内容。
I have checked my form and it is posting the values but failing when it gets to my sql.
我检查了我的表单,它发布了值但是当它到达我的sql时失败了。
Successfully connected to the database Types: - cusNamevalue: - Fred0 search results
成功连接到数据库类型: - cusNamevalue: - Fred0搜索结果
<form id="form1" name="form1" method="POST" action="search.php">
<p>
<label for='name' >Search for a customer: </label>
<input type='text' name='search' id='customername' maxlength="45" required/>
</p>
<input type="hidden" name="searchType" value="cusName"/>
<input type='submit' name='submit' value='Submit'/>
</form>
1 个解决方案
#1
It is not the very best practice to use not binded parameters in query string. But just to resolve the current problem you should replace single quotes to backticks around the column name:
在查询字符串中使用非绑定参数不是最佳实践。但只是要解决当前问题,您应该将单引号替换为列名称周围的反引号:
$sql="SELECT * FROM Users WHERE `$searchType` = '$search'";
#1
It is not the very best practice to use not binded parameters in query string. But just to resolve the current problem you should replace single quotes to backticks around the column name:
在查询字符串中使用非绑定参数不是最佳实践。但只是要解决当前问题,您应该将单引号替换为列名称周围的反引号:
$sql="SELECT * FROM Users WHERE `$searchType` = '$search'";