PHP SQL查询无法返回数值

Question

当我从它显示的表单中查询两个值之间的价格时：

请求“无法执行 SQL 查询”SELECT * FROM data WHERE id>0SELECT * FROM data WHERE price >= '100' AND price

表格代码（只有价格代码）：

<form action="searchhotel/results.php"  target="_self">
<label>Price($)</label>
<select  name="pricefrom">
<option  value="">--</option>
<option  value="100">100</option>
</select>

<label>Price TO($)</label>
<select  name="priceto">
<option  value="">--</option>
<option  value="150">150</option>
</select>

<button type="submit">Search</button>

</form>

PHP 代码 (results.php) 除了 $search_price 之外，所有其他代码都运行良好

<?php
if ($_REQUEST["string"]<>'') {
    $search_string = " AND (hotel LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR email LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%')"; 
}
if ($_REQUEST["city"]<>'') {
    $search_city = " AND     city='".mysql_real_escape_string($_REQUEST["city"])."'";   
}
if ($_REQUEST["star"]<>'') {
    $search_star = " AND     star='".mysql_real_escape_string($_REQUEST["star"])."'";   
}
if ($_REQUEST["pricefrom"]<>'' and $_REQUEST["priceto"]<>'') {
    $search_price = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE price >=     '".mysql_real_escape_string($_REQUEST["pricefrom"])."' AND price <= '".mysql_real_escape_string($_REQUEST["priceto"])."'";
}
if ($_REQUEST["from"]<>'' and $_REQUEST["to"]<>'') {
    $sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE from_date >= '".mysql_real_escape_string($_REQUEST["from"])."' AND to_date <= '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_city.$search_string.$search_star.$search_price;
} else if ($_REQUEST["from"]<>'') {
    $sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE from_date >= '".mysql_real_escape_string($_REQUEST["from"])."'".$search_string.$search_city.$    search_string.$search_star.$search_price;
} else if ($_REQUEST["to"]<>'') {
    $sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE to_date <=     '".mysql_real_escape_string($_REQUEST["to"])."'".$search_string.$search_city.$search_string.$search_sta.$search_pricer;
} else {
    $sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE     id>0".$search_string.$search_city.$search_string.$search_star.$search_price;
}


$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not     execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
    while ($row = mysql_fetch_assoc($sql_result)) {
?>

一切正常，SQL 数据库已成功连接，并通过 PHP 回显所有值。我想我错误地在 SQL 数据库中声明了“价格”的数据类型，如下所示：

CREATE TABLE IF NOT EXISTS `data` (
`id` int(11) NOT NULL auto_increment,
`from_date` date NOT NULL,
`to_date` date NOT NULL,
`hotel` varchar(250) NOT NULL,
`city` varchar(250) NOT NULL,
`star` varchar(250) NOT NULL,
`links` varchar(250) NOT NULL,
`images` varchar(250) NOT NULL,
`price` varchar(250) NOT NULL,
PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

Answer 1

您的脚本中的错误.$search_string.$search_city.$search_string.$search_star.$search_price 中的$search_price 是另一个查询，不是来自 db 或 get/post 的值，您将查询放入查询中。

你连接这个查询字符串

 if ($_REQUEST["pricefrom"]<>'' and $_REQUEST["priceto"]<>'') {
$search_price = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE price >=     '".mysql_real_escape_string($_REQUEST["pricefrom"])."' AND price <= '".mysql_real_escape_string($_REQUEST["priceto"])."'";

}

有

 } else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE     id>0".$search_string.$search_city.$search_string.$search_star.$search_price;
 }

并获得错误查询

$search_price = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE price >=     '".mysql_real_escape_string($_REQUEST["pricefrom"])."' AND price <= '".mysql_real_escape_string($_REQUEST["priceto"])."'"."       SELECT * FROM ".$SETTINGS["data_table"]." WHERE     id>0".$search_string.$search_city.$search_string.$search_star.$search_price;
 }

SELECT * FROM data WHERE id>0SELECT * FROM data WHERE price >= '100' AND price

或者用; 或正确的条件if 分开2个查询，或者在不需要执行2个查询的地方添加其他查询