我想添加$query_bookname
和$query_author
之后$_GET['category']
我该怎么做? (双和单引号混淆了我很多)如何在mysql_query中添加变量
$query_bookname = "AND book_name LIKE '%".$_GET['book_name']."%' ";
$query_author = "AND author LIKE '%".$_GET['author']."%' ";
$result = mysql_query("
SELECT * FROM book
WHERE cate_name = '".$_GET['category']."' AND status = 1
");
除了SQL注入攻击,我认为你正在做正确的方式.. –