问题描述:

I am trying to create a script that selects all users in a given MySQL Column by a given term and city. The city will be specific to the member but each member could have 3 or 4 different positions (bartender, server, host etc). The code I am trying to use is below, however, it is giving me an error. Let me know if you need more information. Thanks!

Could not find staff: Unknown column 'Bartender' in 'where clause'

 

<?php

$perpage = 15;

$city = $_GET['city'];

$type = $_GET['type'];

if(isset($_GET["page"]))

{

$page = intval($_GET["page"]);

}

else

{

$page = 1;

}

$calc = $perpage * $page;

$start = $calc - $perpage;

$result = mysql_query("SELECT * FROM staff WHERE titles LIKE $type AND city=$city LIMIT $start, $perpage");

$rows = mysql_num_rows($result);

if($rows)

{

$i = 0;

while($post = mysql_fetch_array($result))

{

?>

<tr style="background-color: #cccccc;">

<td style="font-weight: bold;font-family: arial;"><?php echo $post["staffnum"]; ?> >> <?php echo $post["titles"]; ?></td>

</tr>

<tr>

<td style="font-family: arial;padding-left: 20px;"><?php echo $post["abt1"]; ?></td>

</tr>

<?php

}

} else {

die('Could not find staff: ' . mysql_error());

}

?>

网友答案:

In order to use LIKE as you want, you need to wrap it in quotes and use the appropriate % characters.

$type = mysql_real_escape_string($_GET['type']);
// do the same with $city and any other user input

$result = mysql_query("SELECT * FROM staff WHERE titles LIKE '%" . $type . "%' AND city='" . $city . "' LIMIT $start, $perpage");
网友答案:

Try

$type = mysql_real_escape_string($_GET['type']);
$city = mysql_real_escape_string($_GET['city']);

$result = mysql_query("SELECT * FROM staff WHERE titles LIKE '%$type%' AND city='$city' LIMIT $start, $perpage");
相关阅读:
Top