drqj8605 2014-10-20 10:16
浏览 48
已采纳

在Sql中使用php变量

i have a form that is used to set a search term to a php variable VIA _GET so for example if the user typed cat the url would say ?search=cat

Here is the PHP variable that will be used in the SQL query

$search = 'CustomerAccountName LIKE '%'  . $_GET['search'] . '%'';

When echoed this produces CustomerAccountName LIKE '%cat%' which is valid and works when using the query editor however when i try to place the $search variable in to the query in php i get this error

Warning: odbc_exec(): SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect
 syntax near '&'., SQL state 37000 in SQLExecDirect 

any help would be much appreciated

  • 写回答

2条回答 默认 最新

  • douchan6512 2014-10-20 10:18
    关注

    Just use plain single quotes.

    $search = "CustomerAccountName LIKE '%".$_GET['search']."%';";
    

    But don't build your query like this. Sanitize it before to prevent SQL injection.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题