dou91855 2013-09-23 16:44
浏览 135

如何在SQL select语句中使用php变量

I want to get some data from sql server using php but the sql doesn't seem reading the php variable 

<?php
$q = $_POST["fl"];
echo $foo;
if ($_POST["fl"] == true);
{
$conn1=odbc_connect('SQLDB','','');
if (!$conn1)
{exit("Connection Failed: " . $conn1);}

 $sql1= "SELECT * FROM dbo.Audit WHERE Details = '$q'";
 $rs1=odbc_exec($conn1,$sql1);
 if (!$rs1)
 {exit("Error in SQL");}
while (odbc_fetch_row($rs1))
  • 写回答

5条回答 默认 最新

  • douxie2023 2013-09-23 16:47
    关注

    First things first, please sanitize the post before you put it inside an SQL query. You have to use htmlentities or even better, PDO.

    Second, you can try this if your current one doesn't work:

    $sql1 = "SELECT * FROM dbo.Audit WHERE Details = '".$q."'";
    评论

报告相同问题?

悬赏问题

  • ¥15 apm2.8飞控罗盘bad health,加速度计校准失败
  • ¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
  • ¥15 谁有desed数据集呀
  • ¥20 手写数字识别运行c仿真时,程序报错错误代码sim211-100
  • ¥15 关于#hadoop#的问题
  • ¥15 (标签-Python|关键词-socket)
  • ¥15 keil里为什么main.c定义的函数在it.c调用不了
  • ¥50 切换TabTip键盘的输入法
  • ¥15 可否在不同线程中调用封装数据库操作的类
  • ¥15 微带串馈天线阵列每个阵元宽度计算