1. 首頁
  2. 問答
  3. 如果函數裏面的sql查詢?

如果函數裏面的sql查詢?

2009-12-09 52 views
0 
function get_tags_by_criteria($gender_id, $country_id, $region_id, $city_id, $day_of_birth=NULL, $tag_id=NULL, $thread_id=NULL) { 

    $query = "SELECT tags.* 
     FROM tags, thread_tag_map, threads 
     WHERE thread_tag_map.thread_id = threads.id 
     AND thread_tag_map.tag_id = tags.id 

     AND threads.gender_id = $gender_id 
     AND threads.country_id = $country_id 
     AND threads.region_id = $region_id 
     AND threads.city_id = $city_id 
     AND tags.id LIKE '%$tag_id%' 
     AND threads.id LIKE '%$thread_id%'"; 
     if(!$day_of_birth) 
     { 
      $query += "AND threads.min_day_of_birth <= '$day_of_birth AND threads.max_day_of_birth >= '$day_of_birth' "; 
     } 

     $query += "GROUP BY tags.name"; 

    $result = $this->do_query($query); 
    return $result; 
}

如果沒有$ day_of_birth作爲參數傳遞,我希望sql忽略if中的2行。我用:如果函數裏面的sql查詢?

$all_tags = $forum_model->get_tags_by_criteria(1, 1, 0, 0);

我不知道爲什麼這個SQL返回一個錯誤:

Couldn't execute query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0' at line 1

來源

2009-12-09 never_had_a_name

+1

最後的查詢看起來像什麼? echo $ query; – Galen 2009-12-09 16:53:46

+0

+1給蓋倫,只是迴應這個問題會讓你意識到很多人下面指出的問題。 – Simon 2009-12-09 16:57:12

回答

0

=用於在PHP字符串連接,而不是+ =

來源

2009-12-09 16:53:41 Simon

+0

也放了一個空格,並在if語句中加入了空格 – Galen 2009-12-09 16:54:46

1

你的問題是,你的出生日期留下了'

將其更改爲AND threads.min_day_of_birth <= '$day_of_birth'(注關閉'開放
此外,正如其他人所指出的那樣,你應該寫$query .=代替$query += (注意.

您有SQL注入漏洞;你應該使用參數。
Remember Bobby Tables!

來源

2009-12-09 16:55:03 SLaks

+0

LOL,那個Bobby Tables有點搞笑!謝謝你的好笑:)。 – dcp 2009-12-09 16:57:52

+0

博比桌子?那是什麼? – 2009-12-09 22:01:48

+0

點擊鏈接。 – SLaks 2009-12-09 23:18:28

1

有在附加字符串中缺少之間的空白

來源

2009-12-09 16:55:15 yedpodtrzitko

0

您還可以在查詢中使用佔位符。如果一個選項/參數設置的腳本設置佔位符的內容到適當的SQL代碼否則佔位符是空/空。

例如

function get_tags_by_criteria($gender_id, $country_id, $region_id, $city_id, $day_of_birth=NULL, $tag_id=NULL, $thread_id=NULL) { 
    if (!is_null($day_of_birth)) { 
    $day_of_birth = "AND ('$day_of_birth' BETWEEN threads.min_day_of_birth AND threads.max_day_of_birth)" 
    } 

    $query = " 
    SELECT 
     tags.* 
    FROM 
     tags, thread_tag_map, threads 
    WHERE 
     thread_tag_map.thread_id = threads.id 
     AND thread_tag_map.tag_id = tags.id 
     AND threads.gender_id = $gender_id 
     AND threads.country_id = $country_id 
     AND threads.region_id = $region_id 
     AND threads.city_id = $city_id 
     AND tags.id LIKE '%$tag_id%' 
     AND threads.id LIKE '%$thread_id%' 
     {$day_of_birth} 
    GROUP BY 
     tags.name 
    "; 

    $result = $this->do_query($query); 
    return $result; 
}

編輯:如前所述:記住可能的sql注入。

來源

2009-12-09 17:09:06 VolkerK

相關問題

 相關問題