I have been trying to write the the select statement to fetch from the products table using the combination of the companyid and customerid, I am very sure I'm not doing it the right way, kindly help me to write the right sql to fetch using these parameters.
我一直在尝试使用companyid和customerid的组合来编写select语句来从products表中获取,我非常确定我没有以正确的方式执行它,请帮我编写正确的sql来获取使用这些参数。
$customerid=$_SESSION['customersid'];
$companyid=$_SESSION['companyid'];
$test="SELECT producttype,quantity FROM product WHERE username= '" . mysql_real_escape_string($customerid) . "'" . 'AND'.mysql_real_escape_string($companyid) . "'" ;
2 个解决方案
#1
1
You must put the fieldname for the companyid in the query
您必须在查询中输入companyid的fieldname
$test="SELECT producttype,quantity FROM product WHERE username= '" . mysql_real_escape_string($customerid) . "'" . 'AND COMPANYID_FIELDNAME ='.mysql_real_escape_string($companyid) . "'" ;
#2
0
your syntax is incorrect. Try the following:
你的语法不正确。请尝试以下方法:
$customerid = mysql_real_escape_string($_SESSION['customersid']);
$companyid = mysql_real_escape_string($_SESSION['companyid']);
$test = "
SELECT producttype,quantity
FROM product
WHERE username='$customerid'
AND company='$companyid'
";
Btw, you should be using mysqli and not mysql since it is deprecated.
顺便说一句,你应该使用mysqli而不是mysql,因为它已被弃用。
#1
1
You must put the fieldname for the companyid in the query
您必须在查询中输入companyid的fieldname
$test="SELECT producttype,quantity FROM product WHERE username= '" . mysql_real_escape_string($customerid) . "'" . 'AND COMPANYID_FIELDNAME ='.mysql_real_escape_string($companyid) . "'" ;
#2
0
your syntax is incorrect. Try the following:
你的语法不正确。请尝试以下方法:
$customerid = mysql_real_escape_string($_SESSION['customersid']);
$companyid = mysql_real_escape_string($_SESSION['companyid']);
$test = "
SELECT producttype,quantity
FROM product
WHERE username='$customerid'
AND company='$companyid'
";
Btw, you should be using mysqli and not mysql since it is deprecated.
顺便说一句,你应该使用mysqli而不是mysql,因为它已被弃用。