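The first three queries are working fine, but the last one is not. The second query with $status !== '' is working fine, but the last one with the same $status !== '' does not execute the query. Can anyone help? I need help with a MySQL query.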
```php
if (isset($_POST['go'])) {
    $status = $_POST[status];
    if ($status == 4){
        $status = '' ;
    }
    if ($topic == 100 && $subtopic == '' && $status == '') {
        $queryString = "select * from tblquiz where userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
        $countString = "select * from tblquiz where userid='$_SESSION[numericuserid]'";
    } // NOTE : THIS QUERY IS WORKING PERFECT
    elseif ($topic !== '' && $subtopic !== '' && $status !== '') {
        $queryString = "select * from tblquiz where qstatus=$status AND qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
        $countString = "select * from tblquiz where qstatus=$status AND qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]'";
    } // NOTE : THIS QUERY IS WORKING PERFECT
    elseif ($topic !== '' && $subtopic !== '' && $status == '') {
        $queryString = "select * from tblquiz where qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
        $countString = "select * from tblquiz where qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]'";
    } // NOTE : THIS QUERY IS WORKING PERFECT
    elseif ($topic == 100 && $subtopic == '' && $status !== '') {
        $queryString = "select * from tblquiz where qstatus= $status AND userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
        $countString = "select * from tblquiz where qstatus= $status AND userid='$_SESSION[numericuserid]' ";
    } // NOTE : THIS QUERY IS NOT WORKING
}
```
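Not an answer, but there is a good chance that you now have an application vulnerable to [SQL injection](http://en.wikipedia.org/wiki/SQL_injection). – PeeHaa
Is qstatus missing quotes? – feathj
99% of problems like this are caused by not using proper [SQL placeholders](http://bobby-tables.com/php) to build your queries. If you used these techniques, you wouldn't have problems like this. The way you have it now, it will be pure luck if these queries run at all. – tadman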
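The placeholder approach the comments point to, as an added example that is not part of the original thread: the table and column names come from the question, while the function names, the in-memory SQLite database and the sample rows are constructed for illustration. It assumes a null or empty filter means "no filter", standing in for the question's `100` and `4` sentinel values.

```php
<?php
// Added example. Function names, the SQLite database and the rows are constructed;
// tblquiz and its columns are taken from the question.
function buildQuizQuery(int $userId, ?string $topic, ?string $subtopic, ?string $status): array
{
    // The SQL text is fixed; user input only ever travels in $params.
    $where  = ['userid = :userid'];
    $params = [':userid' => $userId];
    // Each optional filter adds one condition, replacing the if/elseif chain.
    if ($topic !== null && $topic !== '') {
        $where[] = 'qtopic = :topic';
        $params[':topic'] = $topic;
    }
    if ($subtopic !== null && $subtopic !== '') {
        $where[] = 'subtopic = :subtopic';
        $params[':subtopic'] = $subtopic;
    }
    if ($status !== null && $status !== '') {
        $where[] = 'qstatus = :status';
        $params[':status'] = (int) $status; // qstatus is compared as a number in the question
    }
    return ['SELECT * FROM tblquiz WHERE ' . implode(' AND ', $where), $params];
}

function fetchQuizPage(PDO $pdo, array $query, int $start, int $limit): array
{
    [$sql, $params] = $query;
    $stmt = $pdo->prepare($sql . ' LIMIT :limit OFFSET :start');
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    // LIMIT and OFFSET are bound as integers, never interpolated into the string.
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblquiz (id INTEGER PRIMARY KEY, userid INT, qtopic TEXT, subtopic TEXT, qstatus INT)');
$pdo->exec("INSERT INTO tblquiz (userid, qtopic, subtopic, qstatus) VALUES
    (7,'math','algebra',1), (7,'math','algebra',2), (7,'physics','optics',1), (8,'math','algebra',1)");

// The combination from the question's last branch: no topic, no subtopic, a status.
$rows = fetchQuizPage($pdo, buildQuizQuery(7, null, null, '1'), 0, 10);
echo count($rows), " rows for status 1\n";
// A status carrying SQL syntax is cast and bound as data; the query text is unchanged.
$rows = fetchQuizPage($pdo, buildQuizQuery(7, null, null, '1 OR 1=1'), 0, 10);
echo count($rows), " rows for the malformed status\n";
```

The count query can reuse the same `$where` and `$params` with `SELECT COUNT(*)`, so the page query and the total never drift apart.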