这行得通。
function get_distinct_size_for_bracelets() {
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='plastic' ORDER BY size";
}
这不起作用并停止 php 死机且不报告错误。
function get_distinct_size_for_bracelets($myvalue) {
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type=".$myvalue." ORDER BY size";
}
我尝试了许多配置,但没有任何效果。
【问题讨论】:
标签: php mysql parameter-passing
function get_distinct_size_for_bracelets($myvalue) {
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
}
您仍然需要在 SQL 查询中使用单引号。
【讨论】:
记得引用传递的值:
function get_distinct_size_for_bracelets($myvalue)
{
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type=".$myvalue." ORDER BY size";
}
应该是:
function get_distinct_size_for_bracelets($myvalue)
{
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
}
注意type 处添加的单引号。
【讨论】:
你仍然需要单引号。所以
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
【讨论】:
你没有逃避你的价值,你忘记了你的单引号,这是我的猜测。试试:
function get_distinct_size_for_bracelets($myvalue) {
$query = sprintf("SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='%s' ORDER BY size",
mysql_real_escape_string($myvalue));
}
这允许您将转义值传递到字符串中,而不是使用连接。
【讨论】:
试试
function get_distinct_size_for_bracelets($myvalue) {
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
}
【讨论】:
MySQL 也有不同的数据类型。 strings 也需要用引号括起来:
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
或者更好地使用mysql_real_escape_string function:
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".mysql_real_escape_string($myvalue)."' ORDER BY size";
【讨论】: