SELECT username FROM member WHERE username = ' ' ';
我尝试添加$username
到MySQL查询如下。但是查询失败,SQL语法错误。
$username = $this->input->post('username');
$sql = "SELECT * FROM temp_user UNION SELECT * FROM member WHERE username = ".$username."";
$query = $this->db->query($sql);
这个查询有什么问题?
这里是错误信息错误编号:1064
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
SELECT * FROM temp_user UNION SELECT * FROM member WHERE username =
Filename: C:/xampp/htdocs/dex/system/database/DB_driver.php
Line Number: 691
像这样试试,不需要字符串连接
$sql = "SELECT * FROM temp_user UNION SELECT * FROM member WHERE username = '$username'";
SQL语法错误很可能是由于这一部分:
"... WHERE username = ".$username."";
应该转义$username
"... WHERE username = ".$this->db->escape($username);
其中$conn
为表示链接标识符的mysqli
对象。
解决了!!因为我不能在联合
中使用* (*)$sql = "SELECT username FROM temp_user WHERE username = '".$username."'