無法在我的SQL語句中獲得空格

Question

我在我的WHERE語句中有兩個變量。我似乎不能用空格分隔它們，所以我最終得到了語法錯誤。謝謝您的幫助。

（我用笨）

BTW我已經嘗試設置$空間變量，並把空間之前，並設置兩個變量後，並在SQL。

ERROR

錯誤編號：1064

您的SQL語法錯誤;請檢查與您的MySQL服務器版本對應的手冊，以找到在第2行'source_adusers.ad_account ='Wolfs，Marc'GROUP BY rollout_systems.eam_user LIMIT'附近使用的正確語法012 *如從rollout_systems系統LEFT JOIN source_adusers ON rollout_systems.EAM_User = source_adusers.ad_account WHERE rollout_systems.scope_ID = 3-和source_adusers.ad_account = 「沃爾夫斯，馬克」 GROUP BY rollout_systems.eam_user LIMIT 0,50

行號：330

PHP

if ($this->session->userdata('scopeId') != NULL) { 
     $where1 = 'WHERE rollout_systems.scope_ID = '. $this->session->userdata('scopeId') . ''; 
    } else { 
     redirect('/headquarters/home');; 
    } 

    if ($search) { 
     $where2 = ' AND rollout_systems.sys_name ="'.$search.'"'; 
    } else { 
     $where2 = ''; 
    } 
$query = $this->db->query('SELECT * FROM rollout_systems LEFT JOIN source_adusers 
     ON rollout_systems.eam_user = source_adusers.ad_account '. $where1 .''. $where2 .' GROUP BY rollout_systems.sys_name LIMIT '.$limit.',50'); 

Answer 1

如果您在$ query中保留空格和AND，而不是將它們構建到您的where變量中，該怎麼辦？然後你的$ where 2只需要工作而不影響查詢 - 因此0 = 0。

if ($this->session->userdata('scopeId') != NULL) { 
     $where1 = 'WHERE rollout_systems.scope_ID = '. $this->session->userdata('scopeId') . ''; 
    } else { 
     redirect('/headquarters/home');; 
    } 

    if ($search) { 
     $where2 = 'rollout_systems.sys_name ="'.$search.'"'; 
    } else { 
     $where2 = '0=0'; 
    } 
$query = $this->db->query('SELECT * FROM rollout_systems LEFT JOIN source_adusers 
     ON rollout_systems.eam_user = source_adusers.ad_account '. $where1 .' and '. $where2 .' GROUP BY rollout_systems.sys_name LIMIT '.$limit.',50'); 

Answer 2

只需添加一個空格兩個瓦爾 - '. $where1 .' '. $where2 .'

正如其他人你真的應該使用mysql_real_escape_string()或intval()來逃避你的用戶輸入，如果你期待一個整數值指出。如果您正在使用PDO或mysqli使用準備好的語句。

如果$this->db是PDO例如，你可以使用 -

$params = array(); 

if ($this->session->userdata('scopeId') != NULL) { 
    $where = 'WHERE rollout_systems.scope_ID = ?'; 
    $params[] = $this->session->userdata('scopeId'); 
} else { 
    redirect('/headquarters/home');; 
} 

if ($search) { 
    $where .= ' AND rollout_systems.sys_name = ?'; 
    $params[] = $search; 
} 

$sql = "SELECT * FROM rollout_systems 
    LEFT JOIN source_adusers ON rollout_systems.eam_user = source_adusers.ad_account 
    $where 
    GROUP BY rollout_systems.sys_name 
    LIMIT ?, 50"; 
$params[] = $limit; 

$query = $this->db->prepare($sql); 
$query->execute($params); 

Answer 3

$where = array(); 

if ($this->session->userdata('scopeId') != NULL) { 
    // better to escape your parameter here unless you trust it totally 
    // judging by its name, it's user-provided data, so I wouldn't trust it 
    $where[] = 'rollout_systems.scope_ID = '. $this->session->userdata('scopeId'); 
} else { 
    redirect('/headquarters/home'); 
    // you may need to exit here after redirection, depends on your implementation 
} 

if ($search) { 
    // once again don't forget to escape $search in real application 
    $where[] = "rollout_systems.sys_name = '" . $search . "'"; 
} 

$query = $this->db->query(" 
    SELECT 
     * 
    FROM 
     `rollout_systems` 
     LEFT JOIN 
     `source_adusers` 
     ON rollout_systems.eam_user = source_adusers.ad_account 
    WHERE 
     " . implode (' AND ', $where) . " 
    GROUP BY 
     rollout_systems.sys_name 
    LIMIT " . $limit /* escape it! */ . ",50" 
); 

Answer 4

您也可以使用PHP語法選項

$sql = " blah blah {$my_var} {$my_other_var} ";