doujiexi1824 2015-02-04 09:03
浏览 58
已采纳

“@ dfaf.fa”附近的语法错误MySql和PHP

I create a simple site for findID when I write the email.

HTML CODE

<form action="test.php" method="post">
        <input type="text" name="user_id_test" id="user_id_test">
        <br>
        <br>
        <input type="submit" value="Find ID">
</form>

PHP CODE

<?php

        //include database
        include 'include/db.inc';

        $emailUser = $_POST['user_id_test'];

        $findNewID = mysqli_query($connessione,"SELECT user_id FROM user_tmplt WHERE user_mail = $emailUser");

        if ($findNewID != "") {
            var_dump($findNewID);
            echo "$findNewID";
        } else {
            echo "Errore: " . $findNewID . "<br>" . mysqli_error($connessione) ."<br>";
        }

mysqli_error($connessione);

?>

I try to find ID for email: dfaf@dfaf.fa (it is in my database with ID 13) and I've this error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@dfaf.fa' at line 1

  • 写回答

4条回答 默认 最新

  • dqvzfp6468 2015-02-04 09:04
    关注

    It is about passing email as integer, pass it as string..

      mysqli_query($connessione,"SELECT user_id FROM user_tmplt WHERE user_mail = $emailUser");    

 to

 mysqli_query($connessione,"SELECT user_id FROM user_tmplt WHERE user_mail = '".$emailUser."' ");

    This would work but it is not safe to pass parameters within the queries directly, make the sql injection safe first...

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥15 想问一下树莓派接上显示屏后出现如图所示画面,是什么问题导致的
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化