开发者

How can i Search using two variables in two different fields in MySQL

问答 作者:

This is the code that I have -- I can't make it work:

<?php require_once('../Connections/User.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE grade SET GSCode=%s, GSem=%s, GYear=%s, Grade=%s WHERE GStudNo=%s",
                       GetSQLValueString($_POST['GSCode'], "text"),
                       GetSQLValueString($_POST['GSem'], "text"),
                       GetSQLValueString($_POST['GYear'], "text"),
                       GetSQLValueString($_POST['Grade'], "text"),
                       GetSQLValueString($_POST['GStudNo'], "text"));

  mysql_select_db($database_User, $User);
  $Result1 = mysql_query($updateSQL, $User) or die(mysql_error());
}

mysql_select_db($database_User, $User);
$query_Recordset1 = sprintf("SELECT * 
           FROM grade 
          WHERE GSCode = '%s' AND GStudNo = '%s'",
        mysql_real_escape_string($_POST['a']),
        mysql_real_escape_string($_POST['b']));

$Recordset1 = mysql_query($query_Recordset1, $User) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
$query_Recordset1 = "SELECT * FROM grade WHERE GSCode = '$_POST[a]' $$ GStudNo =  '$_POST[b]'";
$Recordset1 = mysql_query($query_Recordset1, $User) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="form1">
  <table align="center">
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GStudNo:</td>
      <td><?php echo $row_Recordset1['GStudNo']; ?></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GSCode:</td>
      <td><input type="text" name="GSCode" value="<?php echo htmlentities($row_Recordset1['GSCode'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GSem:</td>
      <td><input type="text" name="GSem" value="<?php echo htmlentities($row_Recordset1['GSem'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">GYear:</td>
      <td><input type="text" name="GYear" value="<?php echo htmlentities($row_Recordset1['GYear'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">Grade:</td&开发者_如何学Pythongt;
      <td><input type="text" name="Grade" value="<?php echo htmlentities($row_Recordset1['Grade'], ENT_COMPAT, 'utf-8'); ?>" size="32" /></td>
    </tr>
    <tr valign="baseline">
      <td nowrap="nowrap" align="right">&nbsp;</td>
      <td><input type="submit" value="Update record" /></td>
    </tr>
  </table>
  <input type="hidden" name="MM_update" value="form1" />
  <input type="hidden" name="GStudNo" value="<?php echo $row_Recordset1['GStudNo']; ?>" />
</form>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

SQL uses AND in a condition, not &&.

Use AND instead of &&

And use sprintf to protect your variables:

sprintf("SELECT * 
           FROM grade 
          WHERE GSCode = '%s' AND GStudNo = '%s'",
        mysql_real_escape_string($_POST['a']),
        mysql_real_escape_string($_POST['b']));

Use and not &&.

mysql_query("select * from table where `one`='$_POST[one]' and `two`='$_POST[two]'") or die (mysql_error());

I think you mean

"SELECT * FROM grade WHERE GSCode = '{$_POST['a']}' and GStudNo = '{$_POST['b']}'"

Not only the 'and', but also the inclusion of the post value. Or did you actually mean to earch for the literal text: '$_POST[s]'? Which would still not work in the way you posted, because the PHP string parser tries to evaluate $_POST if you don't escape it.

继续阅读:mysql-error-1064phpsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9