dongnai8013 2012-03-14 23:25
浏览 72
已采纳

将PHP变量添加到SQL语句中。 不工作

I can't get a variable to work in SQL statement. I can get it to work when I replace (username = $user) with (ID = 11) which is another column from database and a specific row (11), but I want to include a specific row matching $user from column 'username', along with other random results with a limit of $sn.

When using var_dump($user) I know that the variable has a value, but can't see why it doesn't work in SQL statement.

$photo=mysql_query("SELECT A. * FROM (
SELECT DISTINCT * FROM profile_images
WHERE approved='N'  
ORDER BY (username = $user) DESC, RAND()      
LIMIT $sn) 
as A ORDER BY RAND()");

Getting error message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@googlemail.com) DESC, RAND() LIMIT 9) as A ORDER BY RAND()' at line 4

Any help appreciated.

  • 写回答

1条回答 默认 最新

  • dongliao9018 2012-03-14 23:28
    关注

    Assuming $sn holds integer value and don't require escaping,

    $photo=mysql_query("SELECT A. * FROM ( 
    SELECT DISTINCT * FROM profile_images 
    WHERE approved='N'   
    ORDER BY (username = '".mysql_real_escape_string($user)."') DESC, RAND()       
    LIMIT $sn)  
    as A ORDER BY RAND()"); 
    

    In general, consider using PDO and bind parameters.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 微信红包不拆包 知道红包金额
  • ¥15 0基础学机器人运动控制要多久?
  • ¥15 .net core 怎么进行中英文转换
  • ¥15 数学的三元一次方程求解
  • ¥20 iqoo11 如何下载安装工程模式
  • ¥15 本题的答案是不是有问题
  • ¥15 关于#r语言#的问题:(svydesign)为什么在一个大的数据集中抽取了一个小数据集
  • ¥15 C++使用Gunplot
  • ¥15 这个电路是如何实现路灯控制器的,原理是什么,怎么求解灯亮起后熄灭的时间如图?
  • ¥15 matlab数字图像处理频率域滤波