0
此代码在通过where命令添加命令时不起作用。ORDER BY和WHERE mysql和php
$sel = "SELECT * FROM items ORDER BY 'item_no' WHERE mainitem_id=".$_GET['cate_id'] ;
A
回答
1
使用ORDER BY你查询的末尾:
$sel = "SELECT * FROM items WHERE mainitem_id='".addslashes($_GET['cate_id'])."' ORDER BY item_no;
2
$sel = "SELECT * FROM items
WHERE mainitem_id='".$_GET['cate_id']."'
ORDER BY item_no";
但是请注意,你的代码是vurnerable到SQL注入。请解决这个问题。见here
0
用途:
$sel = "SELECT * FROM items WHERE mainitem_id=".mysqli_real_escape_string($conn, $_GET['cate_id'])."ORDER BY 'item_no'" ;
mysqli_real_escape_string()会保护你免受SQL注入。
GET变量更容易为sql injections.So做检查http://php.net/manual/en/security.database.sql-injection.php
0
$cate_id = mysql_real_escape_string($_GET['cate_id']); //or any proper similar function (mysqli recommended)
$sel = "SELECT * FROM items WHERE mainitem_id='$cate_id' ORDER BY 'item_no'";
相关问题
- 1. MySQL group by和Where
- 2. MYSQL GROUP BY和WHERE子句
- 3. PHP和MySQL WHERE和
- 4. rowCount where和OR与MySQL和PHP
- 5. Mysql COUNT,GROUP BY和ORDER BY
- 6. mysql WHERE和LAST
- 7. MySQL group by where day <= x
- 8. MySQL查询,MAX()+ GROUP BY + WHERE
- 9. mysql order-by original“where order”
- 10. MySQL的GROUP BY和和值
- 11. MySQL查询ORDER BY和PHP造型
- 12. PHP和MySQL ORDER BY date_time错误
- 13. MySQL ORDER BY语句和PHP变量
- 14. MySQL Group By和HAVING
- 15. MySQL SELECT和ORDER BY
- 16. MYSQL GROUP BY和COUNT
- 17. MySQL EXISTS和ORDER BY
- 18. MYSQL JSON_MERGE和GROUP BY
- 19. MySQL GROUP BY和COUNT
- 20. Mysql UNION和GROUP BY
- 21. MySQL - JOIN和GROUP BY
- 22. MySQL JOIN和GROUP BY
- 23. Mysql的 “where” 和 “和” 多行
- 24. PHP和MySQL可选WHERE条件
- 25. 使用“JOIN”,“WHERE”和“IN”(mysql + php)
- 26. UPDATE,JOIN和WHERE MySQL
- 27. MySql“Select Where”和C#
- 28. MYSQL查询需要花费太多时间,使用where,group by和order by
- 29. 如何在MySQL中一起使用WHERE和GROUP BY?
- 30. MySQL使用WHERE和GROUP BY年(),月()的2列的平均值
对不起仍然无法正常工作和我建立由MySQL的所有页面 – user2424747