如何在mysql_query中添加变量

我想添加$query_bookname和$query_author之后$_GET['category'] 我该怎么做？（双和单引号混淆了我很多）如何在mysql_query中添加变量

$query_bookname = "AND book_name LIKE '%".$_GET['book_name']."%' "; 
$query_author = "AND author LIKE '%".$_GET['author']."%' "; 

$result = mysql_query(" 
    SELECT * FROM book 
    WHERE cate_name = '".$_GET['category']."' AND status = 1 
");

来源

2014-03-28 Ming

除了SQL注入攻击，我认为你正在做正确的方式.. –

试试这个

$result = mysql_query(" 
    SELECT * FROM book 
    WHERE cate_name = '".$_GET['category']." ".$query_author." ".$query_author." AND status = 1 
");

来源

2014-03-28 06:10:50

你想这样做，但你需要解决的弱点在你的代码（每尚卡尔达莫达伦）：

$result = mysql_query(" 
SELECT * FROM book 
WHERE cate_name = '".$_GET['category']."' AND status = 1 
$query_bookname 
$query_author 
");

来源

2014-03-28 06:11:31 markdwhite

试试这个

$result = mysql_query(" 
    SELECT * FROM book 
    WHERE cate_name = '".$_GET['category']."' AND status = 1 
    $query_bookname 
    $query_author 
");

来源

2014-03-28 06:14:04 Sadikhasan

你可以试试这个方法

$result = mysql_query("SELECT * FROM book 
    WHERE cate_name = '".$_GET['category']."' AND ".$query_bookname.$query_bookname." status = 1");

来源

2014-03-28 06:16:34 vijay

-1

$query_bookname = ''; $query_author = ''; 
if(isset($_GET['book_name']) && $_GET['book_name']!=''){ 
    $query_bookname = " AND book_name LIKE '%".$_GET['book_name']."%' "; 
} 
if(isset($_GET['author']) && $_GET['author']!=''){ 
$query_author = " AND author LIKE '%".$_GET['author']."%' "; 
} 
$result = mysql_query("SELECT * FROM book WHERE cate_name = '".$_GET['category']."' $query_bookname $query_author AND status = 1");

来源

2014-03-28 06:19:19 Grspal

PHP代码：

$q=""; 
$q .= " AND book_name LIKE '%".$_GET['book_name']."%' "; 
$q .= " AND author LIKE '%".$_GET['author']."%' "; 
$result = mysql_query("SELECT * FROM book WHERE cate_name = '".$_GET['category']."' AND status = 1 $q");

来源

2014-03-28 06:47:26 user3102066

考虑添加以下代码的一些解释请。 –

如何在mysql_query中添加变量

回答

相关问题