2015-10-01 158 views
2

我有一些PHP腳本與mysql_query一起工作,但現在我正在嘗試將其更改爲PDO(以減少他們所說的脆弱性和安全性),但我在使用條件選擇查詢時遇到了一些問題。 我有以下代碼:有條件的選擇查詢與PDO

$querydatahora = $conn->prepare('SELECT 
    Linhas.NomeLinha, Maquinas.Nome as maquina, Tecnicos.Nome, Avarias.DataHoraInicioAvaria, 
    Avarias.DataHoraFimAvaria, Avarias.Descricao, Avarias.Solucao, Avarias.TipoSolucao 
    FROM Avarias, Tecnicos, Linhas, Maquinas, avariatecnico 
    where Linhas.IDLinha = Avarias.IDLinha and avariatecnico.IDAvaria = avarias.IDAvaria and Avariatecnico.IDTecnico = Tecnicos.IDTecnico and 
    Maquinas.IDMaquina = Avarias.IDMaquina and DataHoraInicioAvaria >= :datetimepicker AND DataHoraFimAvaria <= :datetimepicker1 '); 


if($_SESSION['IDLinha']) { 
    $querydatahora .= $conn->prepare(" AND Avarias.IDLinha = :IDLinha AND Avarias.IDMaquina = :IDMaquina order by DataHoraInicioAvaria DESC LIMIT $startrow, 9"); 
} else{ 
    $querydatahora .= $conn->prepare(" order by DataHoraInicioAvaria DESC LIMIT $startrow, 9"); 
} 

$querydatahora->execute(array(
    ':datetimepicker' => $_SESSION['datetimepicker'], 
    ':datetimepicker1' => $_SESSION['datetimepicker1'], 
    ':IDLinha'   => $_SESSION['IDLinha'], 
    ':IDMaquina'  => $_SESSION['IDMaquina']) 
); 

if($_SESSION['IDLinha']) { 
    $querycount .= $conn->prepare(' AND Avarias.IDLinha = :IDLinha AND Avarias.IDMaquina = :IDMaquina'); 
} 

$querycount->execute(array(
    ':datetimepicker' => $_SESSION['datetimepicker'], 
    ':datetimepicker1' => $_SESSION['datetimepicker1'], 
    ':IDLinha'   => $_SESSION['IDLinha'], 
    ':IDMaquina'  => $_SESSION['IDMaquina']) 
); 

我得到的錯誤是:

Catchable fatal error: Object of class PDOStatement could not be converted to string in C:\xxxxxxxxxxxxxxxxxxxxxxxxxx.php on line 52

我不是專家對這個的話,也許我正在做一些錯誤。所有幫助表示讚賞

+3

'準備()'返回'PDOStatement'對象,它就是你的例外是從哪裏來的,它不是一個字符串。您應該只傳遞'prepare()'完整的查詢,即將SQL查詢(使用佔位符)生成一個字符串,然後運行'prepare()'傳遞完整的查詢字符串。 –

+2

您需要在調用$ conn-> prepare之前組裝您的查詢... $ querydatahora不像您想象的那樣是一個像「SELECT ...」這樣的字符串,而是一個對象htat接收到基於該字符串的預準備語句。 –

+2

如果您使用加入,我認爲會更容易... – rray

回答

1

你必須先建立一個查詢字符串。

$querydatahora = 'SELECT Linhas.NomeLinha, Maquinas.Nome as maquina, Tecnicos.Nome, Avarias.DataHoraInicioAvaria, Avarias.DataHoraFimAvaria, Avarias.Descricao, Avarias.Solucao, Avarias.TipoSolucao 
FROM Avarias, Tecnicos, Linhas, Maquinas, avariatecnico where Linhas.IDLinha = Avarias.IDLinha and avariatecnico.IDAvaria = avarias.IDAvaria and Avariatecnico.IDTecnico = Tecnicos.IDTecnico and 
Maquinas.IDMaquina = Avarias.IDMaquina and DataHoraInicioAvaria >= :datetimepicker AND DataHoraFimAvaria <= :datetimepicker1' 

// Your minimal parameters 
$params = array(':datetimepicker' => $_SESSION['datetimepicker'], ':datetimepicker1' => $_SESSION['datetimepicker1']); 

// Test you have the mandatory variables IDLinha and IDMaquina 
if (isset($_SESSION['IDLinha']) && isset($_SESSION['IDMaquina'])) { 
    $querydatahora .= " AND Avarias.IDLinha = :IDLinha AND Avarias.IDMaquina = :IDMaquina"); 
    // Adding parameters 
    $params = array_merge($params, array(':IDLinha' => $_SESSION['IDLinha'],':IDMaquina' => $_SESSION['IDMaquina'])); 
} 

// In anyway you will do the same order by then write it at the end 
$querydatahora .= " order by DataHoraInicioAvaria DESC LIMIT $startrow, 9"; 

// Your querystring is ok then let's prepare it 
$stmt = $conn->prepare($querydatahora); 

// Now Run with parameters 
$stmt->execute($params); 

我已刪除了您的querycount因爲我希望把重點放在第一個查詢,並使其工作

+0

致命錯誤:在「$ querydatahora-> execute($ params)」字符串中調用成員函數execute();「 – vallete7

+1

更新:替換$ querydatahora->執行$ conn->執行 – Bang

+1

'$ stmt = $ conn-> prepare(...); $ stmt-> execute(...)'你的意思是? –

2

您需要先構建查詢,之後做準備

$sql = 'SELECT Linhas.NomeLinha, 
       Maquinas.Nome as maquina, 
       Tecnicos.Nome, 
       Avarias.DataHoraInicioAvaria, 
       Avarias.DataHoraFimAvaria, 
       Avarias.Descricao, 
       Avarias.Solucao, 
       Avarias.TipoSolucao 
     FROM Avarias, Tecnicos, Linhas, Maquinas, avariatecnico 
     WHERE Linhas.IDLinha = Avarias.IDLinha 
     AND avariatecnico.IDAvaria = avarias.IDAvaria 
     AND Avariatecnico.IDTecnico = Tecnicos.IDTecnico 
     AND Maquinas.IDMaquina = Avarias.IDMaquina 
     AND DataHoraInicioAvaria >= :datetimepicker 
     AND DataHoraFimAvaria <= :datetimepicker1 '; 

if ($_SESSION['IDLinha']) { 
    $querydatahora = $conn->prepare($sql." AND Avarias.IDLinha = :IDLinha 
              AND Avarias.IDMaquina = :IDMaquina 
              ORDER BY DataHoraInicioAvaria 
              DESC LIMIT $startrow, 9"); 
}else{ 
    $querydatahora = $conn->prepare($sql." ORDER BY DataHoraInicioAvaria 
              DESC LIMIT $startrow, 9"); 
} 


$params = array(':datetimepicker' => $_SESSION['datetimepicker'], 
       ':datetimepicker1' => $_SESSION['datetimepicker1'], 
       ':IDLinha' => $_SESSION['IDLinha'], 
       ':IDMaquina' => $_SESSION['IDMaquina'] 
       ); 

$querydatahora->execute($params); 

$params = array(':datetimepicker' => $_SESSION['datetimepicker'], 
       ':datetimepicker1' => $_SESSION['datetimepicker1']); 

if ($_SESSION['IDLinha']) { 
    $querycount = $conn->prepare($sql.' AND Avarias.IDLinha = :IDLinha 
             AND Avarias.IDMaquina = :IDMaquina'); 
    $params[':IDLinha'] = $_SESSION['IDLinha']; 
    $params[':IDMaquina'] $_SESSION['IDMaquina']; 
} 

$querycount->execute($params); 
+0

感謝您的回答。我試過這個例子,但我得到了以下錯誤: 警告:PDOStatement :: execute():SQLSTATE [HY093]:無效參數編號:綁定變量的數量與C:\ xxxxxxxxxxxxx.php中的標記數量不匹配上線61 說明:未定義變量:querycount在C:\ xxxxxxxxxxxxxx.php上線67 致命錯誤:調用一個成員函數在C於空的execute():xxxxxxxxxxxxx.php上線67 – vallete7

+0

@ vallete7,我更新答案 – rray