How do I compare input to mysql data with php/sql?

2019-07-07 00:18发布

站内问答 / PHP
1448 4 6

I'm new to working with PHP and a mySQL DB. I"m trying to make a user input there user name(UN) to enter this one part of my site. I have a mySQL DB(test) with a users table called "test". I know that I'm connecting ok, because I tested it by creating a simple page to open the DB and list all the users(from the UN field), or select a specific one. I then created a page called "input.php" for a test of getting input. As seen here> 

<html>
 <body>
 <form action="test.php" method="get">
 UN: <input type="text" name="U">
 <input type="submit">
 </form>
 </body>
 </html>

The input from above goes to "test.php" below where it is checked with current data in my DB.

<?php
$hostname = "test.db.some#.somehost.com";
    $username = "test";
    $dbname = "test";
$password = "password";
$usertable = "test";
$yourfield = "UN";
    mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
        connect to database! Please try again later.");
    mysql_select_db($dbname);
$query = "SELECT * FROM $usertable WHERE $yourfield = $_GET["U"]";
    $result = mysql_query($query);
    if ($result) {
        while($row = mysql_fetch_array($result)) {
                $name = $row["$yourfield"];
                echo "Hello: $name<br>";
            }
    }
    else {
        echo "User dosen't exit!";
    }
    mysql_close();
?>

And this is the error I get> *Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/81/11107981/html/test.php on line 20*

I know I'm close, but I want the cigar. ;)

4条回答
Luminary・发光体
2楼-- · 2019-07-07 00:52

You should write the query like this instead:

$query = "SELECT * FROM $usertable WHERE $yourfield = '" . $_GET["U"] . "'";

Or you can write it like this:

$query = "SELECT * FROM $usertable WHERE $yourfield = '{$_GET["U"]}'";
查看更多
0人赞 添加讨论(0) 举报
该账号已被封号
3楼-- · 2019-07-07 00:55

mysql_* are deprecated. You should avoid them.

Change 

mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
    connect to database! Please try again later.");

to

$connection = mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
connect to database! Please try again later.");

,

$query = "SELECT * FROM $usertable WHERE $yourfield = $_GET["U"]";

to

$query = "SELECT * FROM $usertable WHERE $yourfield = '".$_GET["U"]."'";

And

mysql_close();

to 

mysql_close($connection);
查看更多
0人赞 添加讨论(0) 举报
Root(大扎)
4楼-- · 2019-07-07 01:06

your first problem is solved but here is the solution to your second problem along with the help to convert this code to mysqli

<?php
$hostname = "test.db.some#.somehost.com";
$username = "test";
$dbname = "test";
$password = "password";
$usertable = "test";
$yourfield = "UN";
$connect   =  mysqli_connect($hostname, $username, $password) OR DIE ("Unable to 
    connect to database! Please try again later.");
mysqli_select_db($dbname);

/* You can combine the above two lines in oen in mysqli by giving db name as fourth parameter
 mysqli_connect($hostname, $username, $password, $dbname)

*/

$query = "SELECT * FROM $usertable WHERE $yourfield = $_GET["U"]";
$result = mysqli_query($query);
$rowSelected   = mysqli_num_rows($result);
if ($rowSelected ) {
    while($row = mysqli_fetch_array($result)) {
            $name = $row["$yourfield"];
            echo "Hello: $name<br>";
        }
}
else {
    echo "User dosen't exit!";
}
mysqli_close($connect);
?>

mysql_query or mysqli_query will return the resource .. and that will be true irrespective of whether rows are fetched or not ..what you need to check if there is any data that is being fetched in actual .. so use mysqli_num_rows(mysqli version of mysql_num_rows)

查看更多
0人赞 添加讨论(0) 举报
ゆ 、 Hurt°
5楼-- · 2019-07-07 01:16

I think the problem is that you don't escape the quotes in the query:

Try the following: 

$u = $_GET['u'];
$query = "SELECT * FROM $usertable WHERE $yourfield = " . $u;
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)