Mysql SELECT with WHERE 子句不适用于变量
Mysql SELECT with WHERE clause not working with variable
我正在拔头发。我有两个基本相同主体的 SELECT 语句。第一个有效,第二个不适用于其中的 WHERE 子句。我需要一些新鲜的眼光和建议。我去过每个论坛并阅读每个 post 并且尝试了很多 "solutions" 都无济于事。希望有人能看到我错过的东西。
$oID = zen_db_prepare_input($_GET['oID']);
// Color coding for invoice -Start queries---
$query = "SELECT * FROM cart1_orders WHERE orders_id = $oID";
$result = $db->Execute($query);
$shiploc = $result->fields['shipping_method'];
if ($result->RecordCount() > 0) {
echo 'Test Query: = ' . $result->fields['shipping_method'];
} else {
echo 'Sorry, no record found for product number ' ;
}
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= $shiploc";
$results = $db->Execute($sql);
$newcolorblock = $results->fields['color_code'];
if ($results->RecordCount() > 0) {
echo 'Color Query: = ' . $results->fields['color_code'];
echo 'Location: = '. $results->fields['pickup_name'];
} else {
echo 'Sorry, no record found for Color Code ' ;
}
提前感谢您的帮助和建议,希望您能看到我看不到的东西。
第一个查询结果:测试查询:= Store Pickup (Mooresville - Gold's Gym)
第二次查询结果:警告:发生错误,请刷新页面重试。
如果 WHERE 子句被删除,它 returns 值但不是正确的值。我需要 WHERE 语句来提取正确的信息。
答案 由 bloodyKnuckles 友情提供:)
$sql= "SELECT * FROM cart1_store_locations WHERE pickup_name= $shiploc";
更改为:(需要转义以补偿 table 数据中的 for )
$shiploc_escaped = mysql_escape_string($shiploc);
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$shiploc_escaped."'";
我以前没有用过这个论坛。爱它!!!谢谢大家!
您的 $shiploc 可能是 null。在第二次查询之前,请写 var_dump($shiploc); 并让我们知道您得到了什么。
编辑
$oID = zen_db_prepare_input($_GET['oID']);
// Color coding for invoice -Start queries---
$query = "SELECT * FROM cart1_orders WHERE orders_id = $oID";
$result = $db->Execute($query);
$shiploc = $result->fields['shipping_method'];
if ($result->RecordCount() > 0) {
echo 'Test Query: = ' . $result->fields['shipping_method'];
} else {
echo 'Sorry, no record found for product number ' ;
}
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$shiploc."'";
$results = $db->Execute($sql);
$newcolorblock = $results->fields['color_code'];
if ($results->RecordCount() > 0) {
echo 'Color Query: = ' . $results->fields['color_code'];
echo 'Location: = '. $results->fields['pickup_name'];
} else {
echo 'Sorry, no record found for Color Code ' ;
}
因为你的字符串中有一个单引号:
Store Pickup (Mooresville - Gold's Gym)
...你需要转义变量 $shiploc:
$shiploc_escaped = addslashes($shiploc);
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$shiploc_escaped."'";
阅读 Zen Cart Escaping Content,看来这是一个选项:
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$db->prepare_input($shiploc)."'";
...而且,更好的是,这个:
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= :pickup_name:";
$sql = $db->bindVars($sql, ':pickup_name:', $shiploc, 'string');
我正在拔头发。我有两个基本相同主体的 SELECT 语句。第一个有效,第二个不适用于其中的 WHERE 子句。我需要一些新鲜的眼光和建议。我去过每个论坛并阅读每个 post 并且尝试了很多 "solutions" 都无济于事。希望有人能看到我错过的东西。
$oID = zen_db_prepare_input($_GET['oID']);
// Color coding for invoice -Start queries---
$query = "SELECT * FROM cart1_orders WHERE orders_id = $oID";
$result = $db->Execute($query);
$shiploc = $result->fields['shipping_method'];
if ($result->RecordCount() > 0) {
echo 'Test Query: = ' . $result->fields['shipping_method'];
} else {
echo 'Sorry, no record found for product number ' ;
}
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= $shiploc";
$results = $db->Execute($sql);
$newcolorblock = $results->fields['color_code'];
if ($results->RecordCount() > 0) {
echo 'Color Query: = ' . $results->fields['color_code'];
echo 'Location: = '. $results->fields['pickup_name'];
} else {
echo 'Sorry, no record found for Color Code ' ;
}
提前感谢您的帮助和建议,希望您能看到我看不到的东西。
第一个查询结果:测试查询:= Store Pickup (Mooresville - Gold's Gym) 第二次查询结果:警告:发生错误,请刷新页面重试。
如果 WHERE 子句被删除,它 returns 值但不是正确的值。我需要 WHERE 语句来提取正确的信息。
答案 由 bloodyKnuckles 友情提供:)
$sql= "SELECT * FROM cart1_store_locations WHERE pickup_name= $shiploc";
更改为:(需要转义以补偿 table 数据中的 for )
$shiploc_escaped = mysql_escape_string($shiploc);
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$shiploc_escaped."'";
我以前没有用过这个论坛。爱它!!!谢谢大家!
您的 $shiploc 可能是 null。在第二次查询之前,请写 var_dump($shiploc); 并让我们知道您得到了什么。
编辑
$oID = zen_db_prepare_input($_GET['oID']);
// Color coding for invoice -Start queries---
$query = "SELECT * FROM cart1_orders WHERE orders_id = $oID";
$result = $db->Execute($query);
$shiploc = $result->fields['shipping_method'];
if ($result->RecordCount() > 0) {
echo 'Test Query: = ' . $result->fields['shipping_method'];
} else {
echo 'Sorry, no record found for product number ' ;
}
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$shiploc."'";
$results = $db->Execute($sql);
$newcolorblock = $results->fields['color_code'];
if ($results->RecordCount() > 0) {
echo 'Color Query: = ' . $results->fields['color_code'];
echo 'Location: = '. $results->fields['pickup_name'];
} else {
echo 'Sorry, no record found for Color Code ' ;
}
因为你的字符串中有一个单引号:
Store Pickup (Mooresville - Gold's Gym)
...你需要转义变量 $shiploc:
$shiploc_escaped = addslashes($shiploc);
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$shiploc_escaped."'";
阅读 Zen Cart Escaping Content,看来这是一个选项:
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= '".$db->prepare_input($shiploc)."'";
...而且,更好的是,这个:
$sql = "SELECT * FROM cart1_store_locations WHERE pickup_name= :pickup_name:";
$sql = $db->bindVars($sql, ':pickup_name:', $shiploc, 'string');