I'm trying to turn this:
"SELECT username FROM $table WHERE username='$newName'"
Into this:
"SELECT $column FROM $table WHERE $column='$newName'"
But when I use or die() on it, I get an error saying that there is incorrect syntax near WHERE username='someNameHere'. What is the correct way to substitute the column name, assuming that's what's wrong?
Edit: Code is just this. The values should be correct as I don't see any mispellings in the error.
$sql = "SELECT $column FROM $table WHERE $column='$newName'";
$result = mysql_query($sql) or die( mysql_error());
解决方案
Make your query like this
$sql = "SELECT ".$column." FROM ".$table." WHERE ".$column."='".$newName."'"
BTW this is SQLinjection vulnerable code. You should check the variables before using them in query. Also you should start using mysqli and prepared statements
扫一扫
2331
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
