Unknown column 'mush' in 'where clause'
I was testing a simple employee application and got this Unknown column 'mush' in 'where clause' error. There is someone called 'mush' in the name's column.
Here's my code
<?php
// Connects to your Database
mysql_connect("localhost", "myuser", "mypass") or die(mysql_error()) ;
mysql_select_db("peoplesdb") or die(mysql_error()) ;
//Retrieves data from MySQL
$data = mysql_query("SELECT * FROM employees WHERE name = $_GET[name]") or die(mysql_error());
echo "<table border=\"1\">";
echo "<tr>";
echo "<th>First Name:</th>";
echo " <td>Last Name</td>";
echo "</tr>";
echo "<tr>";
echo "<th rowspan=\"3\"><img src=\"../about/images/".$data['photo']."\" width=\"205\" height=\"205\" alt=\"\" title=\"\"></th>";
echo $data['name'];
echo "<td>".$data['name'] ."</td>";
echo "</tr>";
echo "<tr>";
echo "<td>".$data['lastname'] ."</td>";
echo "</tr>";
echo "</table>";
?>
The aim was to display the detail on a table with a picture to the left of the table. Here's how I tried calling the application:
http://localhost:8080/displaymembers.php?name=mush.
I have a table which contains these columns:
name, photo, telephone, lastname and dob.
Is there anything I'm going wrong that stops the details from displaying? I would like your help.
Helen.
First, you need to quote your inputs, second you need to escape them:
mysql_query("SELECT * FROM employees WHERE name = '".
mysql_real_escape_string( $_GET['name'] ) ."'");
You need to enclose it in quotes - e.g.
SELECT * FROM employees WHERE name = '{$_GET['name']}'
I would also suggest you use mysql_real_escape_string:
$data = mysql_query("SELECT * FROM employees WHERE name = '" . mysql_real_escape_string($_GET['name']) . "';") or die(mysql_error());
Try this: put single quotes around your variable.
$_GET['name'];
And use mysql_real_escape_string to avoid SQL Injections.
you should try
$data = mysql_query("SELECT * FROM `employees` WHERE `name` = '".mysql_real_escape_string($_GET['name'])."'") or die(mysql_error());
as name may be reserved for mysql purposes, and I believe it is ...
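
Added example (not from any of the posts above): the question's unquoted query and a quote-only query run next to a PDO bound parameter, which goes one step beyond the escaping the answers recommend, with the row fetched and HTML-encoded before it is printed. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the rows are constructed, and `runRaw`, `findEmployee` and `renderRow` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for the
// page's MySQL server so this runs offline; rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE employees (name TEXT, lastname TEXT, photo TEXT)");
$db->exec("INSERT INTO employees VALUES ('mush', 'Example', 'mush.png'),
                                        ('O''Brien', 'Sample', 'ob.png')");

// Run SQL built by string concatenation; return rows, or the engine's error.
function runRaw(PDO $db, $sql) {
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return 'ERROR: ' . $e->getMessage();
    }
}

// Bound parameter: the value is sent as data and never parsed as SQL text.
function findEmployee(PDO $db, $name) {
    $stmt = $db->prepare(
        "SELECT name, lastname, photo FROM employees WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode on output so stored values cannot inject markup into the table.
function renderRow(array $row) {
    $h = function ($v) { return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); };
    return '<tr><th><img src="../about/images/' . $h($row['photo']) . '" alt=""></th>'
         . '<td>' . $h($row['name']) . '</td><td>' . $h($row['lastname']) . "</td></tr>\n";
}

foreach (['mush', "O'Brien"] as $name) {
    // Question's form: unquoted, so a bare word is parsed as a column name.
    $unquoted = runRaw($db, "SELECT * FROM employees WHERE name = $name");
    // Quoted only: works until the value itself contains a quote.
    $quoted = runRaw($db, "SELECT * FROM employees WHERE name = '$name'");
    // Bound: the same code path handles every input.
    $bound = findEmployee($db, $name);

    echo "input: $name\n";
    echo '  unquoted: ', is_array($unquoted) ? count($unquoted) . ' row(s)' : $unquoted, "\n";
    echo '  quoted:   ', is_array($quoted) ? count($quoted) . ' row(s)' : $quoted, "\n";
    echo '  bound:    ', count($bound), " row(s)\n";
    foreach ($bound as $row) {
        echo '  ', renderRow($row);
    }
}
```

The `mysql_*` functions used throughout this page were removed in PHP 7; PDO and mysqli both support bound parameters against MySQL.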