在Sql中使用php变量
i have a form that is used to set a search term to a php variable VIA _GET so for example if the user typed cat the url would say ?search=cat
Here is the PHP variable that will be used in the SQL query
$search = 'CustomerAccountName LIKE '%' . $_GET['search'] . '%'';
When echoed this produces CustomerAccountName LIKE '%cat%' which is valid and works when using the query editor however when i try to place the $search variable in to the query in php i get this error
Warning: odbc_exec(): SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect
syntax near '&'., SQL state 37000 in SQLExecDirect
any help would be much appreciated
我有一个表单,用于将搜索词设置为php变量VIA _GET,例如,如果用户 url会说的类型cat?search = cat p>
这是将在SQL查询中使用的PHP变量 p>
$ search ='CustomerAccountName LIKE'%'。 $ _GET ['search']。 '%'';
code> pre>
当回显时,会产生CustomerAccountName LIKE'%cat%',这是有效的,并且在使用查询编辑器时有效但是当我 尝试将$ search变量放入php中的查询中我得到此错误 p>
警告:odbc_exec():SQL错误:[Microsoft] [ODBC SQL Server驱动程序] [ SQL Server]'& amp;'附近的语法不正确。,SQLExecDirect中的SQL状态37000
code> pre>
任何帮助都将非常感谢 p>
DIV>
Just use plain single quotes.
$search = "CustomerAccountName LIKE '%".$_GET['search']."%';";
But don't build your query like this. Sanitize it before to prevent SQL injection.
$search = "CustomerAccountName LIKE '%" . $_GET['search'] . "%' ";