mysql 中的引号过多
Too many quotation marks in mysql
我的问题是引号太多了。
$come = mysql_query("SELECT * FROM users WHERE email="$_POST['email']" and password="$_POST['password']" ");
然后我尝试了这个但是它不起作用...
$come = mysql_query("SELECT * FROM users WHERE email="/$_POST['email']/" and password="/$_POST['password']/" ");
请帮助我:/
$come = mysql_query("SELECT * FROM users WHERE email='".$_POST['email']."' and password='".$_POST['password']."' ");
试试这个应该可以解决您的问题。但是 mysql 已被弃用,请考虑 mysqli 或 pdo。
您问题的解决方案:
<?php
$come = mysql_query(sprintf('SELECT * FROM users WHERE email="%s" and password="%s"', $_POST['email'], $_POST['password']));
但是你永远不应该使用这样的代码。您的代码中有 SQL 注入。使用 PDO.
重写
<?php
$pdo = new PDO('mysql:host=127.0.0.1;dbname=mydb', 'user', 'password');
$stmt = $pdo->prepare('SELECT * FROM users WHERE email=:email and password=:password');
$stmt->execute(['email' => $_POST['email'], 'password' => $_POST['password']]);
$result = $stmt->fetchAll();
我的问题是引号太多了。
$come = mysql_query("SELECT * FROM users WHERE email="$_POST['email']" and password="$_POST['password']" ");
然后我尝试了这个但是它不起作用...
$come = mysql_query("SELECT * FROM users WHERE email="/$_POST['email']/" and password="/$_POST['password']/" ");
请帮助我:/
$come = mysql_query("SELECT * FROM users WHERE email='".$_POST['email']."' and password='".$_POST['password']."' ");
试试这个应该可以解决您的问题。但是 mysql 已被弃用,请考虑 mysqli 或 pdo。
您问题的解决方案:
<?php
$come = mysql_query(sprintf('SELECT * FROM users WHERE email="%s" and password="%s"', $_POST['email'], $_POST['password']));
但是你永远不应该使用这样的代码。您的代码中有 SQL 注入。使用 PDO.
<?php
$pdo = new PDO('mysql:host=127.0.0.1;dbname=mydb', 'user', 'password');
$stmt = $pdo->prepare('SELECT * FROM users WHERE email=:email and password=:password');
$stmt->execute(['email' => $_POST['email'], 'password' => $_POST['password']]);
$result = $stmt->fetchAll();