$query="SELECT * FROM t_News where $select = \"$textfield\"" ;下划线不是这样加的。不要带下划线。如果想转义,就这样:
$textfield=addslashes($textfield);
$query="SELECT * FROM t_News where $select = "$textfield" ;
$textfield=addslashes($textfield);
$query="SELECT * FROM t_News where $select = "$textfield" ;
$query="SELECT * FROM t_News where $select ='$textfield'"要用addslashes的话还得在PHP.ini里面配置maqic_quotes_gpc选项
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>
<table>
<form method="post" action="<?=$_SERVERS['PHP_SELF'];?>?select=<?=$select;?>&textfield=<?=$textfield;?>">
<tr>
<td height="27" colspan="2"> <span class="style2">关键字:</span>
<input name="textfield" type="text" size="8" >
</td>
</tr>
<tr>
<td colspan="2">
<select name="select">
<option selected value="TITLE">新闻标题</option>
<option value="KEYWORD">新闻内容</option>
</select>
<input type="submit" name="Submit" value="搜索">
</td>
</tr>
</form></table>
</BODY>
</HTML> <?$select=$_REQUEST["select"];
$textfield=$_REQUEST["textfield"];ECHO "select=".$select."<BR>";
ECHO "textfield=".$textfield."<BR>"; if(!$textfield)
{
echo "查询全部";
}
else
{
echo "按条件查询";
}?>
还有你的sql语句$query="SELECT * FROM t_News where $select = \"$textfield\"" ;
这样写可能会更好些:$query="SELECT * FROM t_News where $select = '".$textfield."'" ;你这个是搜索的,为何不用模糊匹配?$query="SELECT * FROM t_News where $select like '%$textfield%" ;
$select=$_REQUEST["select"];
$textfield=$_REQUEST["textfield"];
不行,用:
$select=$_POST["select"];
$textfield=$_POST["textfield"];
还是不行,地址栏里显示:
http://localhost/news/$PHP_SELF?select=&textfield=
action="$PHP_SELF?select=<?php echo($select)?>
这个action写错了,$PHP_SELF没有用<?php ?>括起来。
谢谢各位了,结帖了