在Sql中使用php变量

问题描述：

i have a form that is used to set a search term to a php variable VIA _GET so for example if the user typed cat the url would say ?search=cat

Here is the PHP variable that will be used in the SQL query

$search = 'CustomerAccountName LIKE &#39;%'  . $_GET['search'] . '%&#39;';

When echoed this produces CustomerAccountName LIKE '%cat%' which is valid and works when using the query editor however when i try to place the $search variable in to the query in php i get this error

Warning: odbc_exec(): SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect
 syntax near '&amp;'., SQL state 37000 in SQLExecDirect

any help would be much appreciated

我有一个表单，用于将搜索词设置为php变量VIA _GET，例如，如果用户 url会说的类型cat？search = cat p>

这是将在SQL查询中使用的PHP变量 p>

  $ search  ='CustomerAccountName LIKE＆amp;＃39;％'。  $ _GET ['search']。  '％＆amp;＃39;'; 
  code>  pre> 
 
 当回显时，会产生CustomerAccountName LIKE'％cat％'，这是有效的，并且在使用查询编辑器时有效但是当我 尝试将$ search变量放入php中的查询中我得到此错误 p> 
 
 
 警告：odbc_exec（）：SQL错误：[Microsoft] [ODBC SQL Server驱动程序] [  SQL Server]'＆amp; amp;'附近的语法不正确。，SQLExecDirect中的SQL状态37000 
  code>  pre> 
 
 任何帮助都将非常感谢 p> 
   DIV>

答

Just use plain single quotes.

$search = "CustomerAccountName LIKE '%".$_GET['search']."%';";

But don't build your query like this. Sanitize it before to prevent SQL injection.

答

$search = "CustomerAccountName LIKE '%"  . $_GET['search'] . "%' ";

在Sql中使用php变量

相关推荐