ÇóÖú!!mysqlÊý¾Ý¿â²éѯÎÊÌâ - PHP / »ù´¡±à³Ì

ÕâÊÇÎÒµÄÒ»¶Î´úÂë:
<?php

$store_poster=$_POST['poster'];
$store_title=$_POST['title'];
$store_message=$_POST['message'];
$store_parent=$_POST['parent'];£¨parent ÊǸöÊý×Ö£¬ÆäËüµÄ¶¼ÊÇ×Ö·û´®£©

//check not a duplicate
$conn=mysql_connect('localhost','root','lvliangwei');

mysql_select_db('lvyou', $conn) or die ('Can\'t use lvyou : ' . mysql_error());

$query="select header.postid from header ,body where 
header.postid=body.postid and 
header.parent=".$store_parent." and
header.poster='".$store_poster."' and
header.title='".$store_title."' and
body.message='".$store_message."'";

$result=mysql_query($query)or die("invalid query: " . mysql_error());

if(!$result){return false;}

$num_rows=mysql_num_rows($result);

ÔÚä¯ÀÀÆ÷ÖÐÔËÐÐʱ³öÏÖÈëÏÂÌáʾ£º


invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server 

version for the right syntax to use near 'and header.poster= and header.title= and body.message='


ÕâÊÇÔõô»ØÊ ÎÒµÄ$queryÓï¾ä¸³ÖµÓдíô£¿

---

$store_poster $store_title $store_message ¶¼ÊÇ¿Õ
Äã°ÑÄÇЩֵ給ÉÏ

---

addslashes

---

Óï¾äÊÇûÓÐÎÊÌ⣬Ӧ¸ÃÊÇÄã²åÈëµÄÖµµÄÎÊÌâ¡£¿ÉÄÜÊÇûÓн«