我目前被困在將下面的SQL查詢轉換爲準備好的語句。如何將SQL查詢轉換爲準備好的語句PHP
$XSS_BLOCK2 = "22-07-2004";
$XSS_BLOCK3 = "20-05-2016";
$dateswitch1 = date("Y-m-d", strtotime($XSS_BLOCK2));
$dateswitch2 = date("Y-m-d", strtotime($XSS_BLOCK3));
$securesqlstring = $secureconn->prepare("SELECT * FROM Lateday WHERE $dateswitch1 AND $dateswitch2 BETWEEN StartDate AND EndDate");
例如,工作代碼$securesqlstring = $secureconn->prepare("SELECT * FROM Lateday WHERE '2004-07-22' AND '2016-05-20' BETWEEN StartDate AND EndDate");
代碼示例:目前
$XSS_BLOCK2 = "22-07-2004";
$XSS_BLOCK3 = "20-05-2016";
$dateswitch1 = date("Y-m-d", strtotime($XSS_BLOCK2));
$dateswitch2 = date("Y-m-d", strtotime($XSS_BLOCK3));
$securesqlstring = $secureconn->prepare("SELECT * FROM Lateday WHERE ? AND ? BETWEEN StartDate AND EndDate");
$securesqlstring->bindParam(1,$dateswitch1);
$securesqlstring->bindParam(2,$dateswitch2);
$securesqlstring->execute();
不工作。工作update語句的
的例子,在另一個項目中,我想將SQL查詢轉換上面的東西像下面的示例工作:
$id = $_POST["id"];
$stocklevel = $_POST["stocklevel"];
$XSS_Block1 = htmlentities ($id, ENT_QUOTES, "UTF-8");
$XSS_Block2 = htmlentities ($stocklevel, ENT_QUOTES, "UTF-8");
$conn = new PDO("mysql:host=localhost;dbname=;","","");
$mattssqlstring = $conn->prepare("UPDATE `products` SET stocklevel=stocklevel-? WHERE ID=? and stocklevel = ?");
$mattssqlstring->bindParam(1,$XSS_Block2);
$mattssqlstring->bindParam(2,$XSS_Block1);
$mattssqlstring->bindParam(3,$XSS_Block2);
$mattssqlstring->execute();
首先'其中$ dateswitch1'是沒有意義的。你的意思是像'WHERE $ dateswitch1 IS NOT NULL'之類的東西嗎? – apokryfos
它通過檢查數據庫中的最佳日期匹配來工作,它通過檢查數據庫中兩個日期值來檢查兩個日期。信息它可以在這裏找到:http://stackoverflow.com/questions/37226254/how-to-get-the-nearest-date-match-in-php-from-a-sql-database – Mattlinux1
什麼錯誤或其他你會得到什麼症狀? 「不工作」不是對問題非常有幫助的描述。 – jotik