此代码在通过where命令添加命令时不起作用。ORDER BY和WHERE mysql和php
$sel = "SELECT * FROM items ORDER BY 'item_no' WHERE mainitem_id=".$_GET['cate_id'] ;
此代码在通过where命令添加命令时不起作用。ORDER BY和WHERE mysql和php
$sel = "SELECT * FROM items ORDER BY 'item_no' WHERE mainitem_id=".$_GET['cate_id'] ;
使用ORDER BY你查询的末尾:
$sel = "SELECT * FROM items WHERE mainitem_id='".addslashes($_GET['cate_id'])."' ORDER BY item_no;
$sel = "SELECT * FROM items
WHERE mainitem_id='".$_GET['cate_id']."'
ORDER BY item_no";
但是请注意,你的代码是vurnerable到SQL注入。请解决这个问题。见here
用途:
$sel = "SELECT * FROM items WHERE mainitem_id=".mysqli_real_escape_string($conn, $_GET['cate_id'])."ORDER BY 'item_no'" ;
mysqli_real_escape_string()
会保护你免受SQL注入。
GET变量更容易为sql injections.So做检查http://php.net/manual/en/security.database.sql-injection.php
$cate_id = mysql_real_escape_string($_GET['cate_id']); //or any proper similar function (mysqli recommended)
$sel = "SELECT * FROM items WHERE mainitem_id='$cate_id' ORDER BY 'item_no'";
对不起仍然无法正常工作和我建立由MySQL的所有页面 – user2424747