2011-05-24 189 views
0

Confusion with PHP/MySQL query concatenation

I have a script like this:

$sLimit = "";
if (isset($_POST['iDisplayStart']) && $_POST['iDisplayLength'] != '-1')
{
    $sLimit = "LIMIT ".mysql_real_escape_string($_POST['iDisplayStart']).", ".
        mysql_real_escape_string($_POST['iDisplayLength']);
}

if (isset($_POST['iSortCol_0']))
{
    $sOrder = "ORDER BY ";
    for ($i=0 ; $i<intval($_POST['iSortingCols']) ; $i++)
    {
        if ($_POST[ 'bSortable_'.intval($_POST['iSortCol_'.$i]) ] == "true")
        {
            $sOrder .= $aColumns[ intval($_POST['iSortCol_'.$i]) ]." ".
                mysql_real_escape_string($_POST['sSortDir_'.$i]) .", ";
        }
    }

    $sOrder = substr_replace($sOrder, "", -2);
    if ($sOrder == "ORDER BY")
    {
        $sOrder = "";
    }
}

$sGroupBy = " GROUP BY A.Range_sampling, A.Lot_no ";
$sQuery = "SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model,
        A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC
    FROM inspection_report A
    LEFT JOIN Employee B
    ON A.NIK=B.NIK
    WHERE CHAR_LENGTH(A.Range_sampling) < 17
    AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE)" .$sGroupBy.$sOrder.$sLimit; //error
// $sQuery (not the undefined $sql) is the string that should be echoed in the error output
$rResult = mysql_query($sQuery) or _doError(_ERROR30 . ' (<small>' . htmlspecialchars($sQuery) . '</small>): ' . mysql_error());

With this script I get the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0, 10' at line 7 

After adding spaces it shows:

Error message is :: "Error occuered during query execution: (<small></small>): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc LIMIT 0, 10' at line 8"; 

The full query:

SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model, A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC FROM inspection_report A LEFT JOIN Employee B ON A.NIK=B.NIK WHERE CHAR_LENGTH(A.Range_sampling) < 17 AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE) GROUP BY A.Range_sampling, A.Lot_no ORDER BY desc LIMIT 0, 10

+1

Give us the **plain-text SQL field names** without any PHP variables at all. – zerkms 2011-05-24 04:07:52

+0

Can you echo what the full query becomes? – judda 2011-05-24 04:08:58

+0

I'd say you're missing a space after LIMIT. I find the error is usually right before the string given in the error message. Edit - oops – dgig 2011-05-24 04:13:42

Answers

1

Try putting some spaces at the beginning and end of strings like "ORDER BY" and "LIMIT".

Also, show us the final value of the sQuery variable that produces the error.

Right now you don't have a field in the ORDER BY clause:

ORDER BY desc LIMIT 0, 10

Between BY and desc there should be a field of your choosing.

+0

What do you mean by the final value of the sQuery variable that produces the error? – nunu 2011-05-24 04:14:53

+0

After adding spaces it shows: 'Error message is :: "Error occuered during query execution: (): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc LIMIT 0,10' at line 8";' – nunu 2011-05-24 04:16:31

+0

Do a 'print($sQuery);' right after the assignment and before '$rResult = mysql_query($sQuery)..' and show us the result of that print, so we can see how the string is being built – 2011-05-24 04:18:10
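The answer's two points (a missing column name and keywords fused by missing spaces) both come from building ORDER BY and LIMIT by string concatenation. The following is an added example, not code from the question or the answer, showing how those two fragments can be built safely: `$aColumns` is a hypothetical whitelist of sortable columns, and the `$post` array is a constructed request that mirrors the failing page. Note that mysql_real_escape_string() only protects values inside quoted string literals, so it does nothing for column names, sort directions or LIMIT operands.

```php
<?php
// Added example, not the asker's code: build the ORDER BY and LIMIT fragments
// from DataTables-style POST parameters. mysql_real_escape_string() only protects
// values inside quoted string literals; column names, sort directions and LIMIT
// operands are unquoted, so they are validated against a whitelist or cast to int.

// Hypothetical whitelist: sort index -> column the query actually selects.
// The asker's $aColumns was never defined, which produced "ORDER BY  desc".
$aColumns = ['A.Inspection_datetime', 'A.Line', 'A.Model', 'A.Lot_no', 'A.Range_sampling'];

function buildOrderBy(array $post, array $aColumns): string
{
    if (!isset($post['iSortCol_0'])) {
        return '';
    }
    $parts = [];
    $nCols = min(intval($post['iSortingCols'] ?? 0), count($aColumns));
    for ($i = 0; $i < $nCols; $i++) {
        $idx = intval($post['iSortCol_' . $i] ?? -1);
        // Only a whitelisted column that is marked sortable may appear in ORDER BY.
        if (!isset($aColumns[$idx]) || ($post['bSortable_' . $idx] ?? '') !== 'true') {
            continue;
        }
        // Direction is reduced to one of the two legal keywords; anything else becomes ASC.
        $dir = strtoupper($post['sSortDir_' . $i] ?? '') === 'DESC' ? 'DESC' : 'ASC';
        $parts[] = $aColumns[$idx] . ' ' . $dir;
    }
    // Leading space so concatenation never fuses this onto the previous clause.
    return $parts ? ' ORDER BY ' . implode(', ', $parts) : '';
}

function buildLimit(array $post): string
{
    if (!isset($post['iDisplayStart']) || ($post['iDisplayLength'] ?? '-1') === '-1') {
        return '';
    }
    // LIMIT operands are bare integers: cast them instead of "escaping" them.
    $start  = max(0, intval($post['iDisplayStart']));
    $length = max(1, intval($post['iDisplayLength']));
    return ' LIMIT ' . $start . ', ' . $length;
}

// Constructed request mirroring the asker's page: sort column 0 descending, rows 0-9.
$post = ['iDisplayStart' => '0', 'iDisplayLength' => '10', 'iSortingCols' => '1',
         'iSortCol_0' => '0', 'bSortable_0' => 'true', 'sSortDir_0' => 'desc'];
$sQuery = 'SELECT ... FROM inspection_report A GROUP BY A.Range_sampling, A.Lot_no'
        . buildOrderBy($post, $aColumns) . buildLimit($post);
echo $sQuery, "\n";
```

Printing `$sQuery` before calling mysql_query(), as the last comment suggests, is still the quickest way to see whether the clauses are joined with the spaces they need.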