Joh*_*ohn 0 php mysql zend-framework mysql-error-1064
我的代码到目前为止
$limitText ="";
if($history_length){
$limitText = ' limit '. $history_length;
}
if(!$history_days){
$history_days = '180';
}
$db = $this->getInvokeArg('bootstrap')->getPluginResource('db')->getDbAdapter();
//changing code to add min(currBalance) -- as sum(points) is valid only for debit. Also sort by desc instead of (major bug)
$history_stmt = $db->query("SELECT sum(points) as points,credit_date,min(currBalance) as currBalance,extRefId,transactedAt,pointType FROM credits where userid = '".$userid."' and credit_date >= date('now','-".$history_days." days') group by extRefID,pointType order by creditid desc ".$limitText);
$history_results = $history_stmt->fetchall();
$expiry_stmt = $db->query("SELECT availablePoints,expiry_date FROM credits where userid = '".$userid."'and availablePoints > 0 and expiry_date <= date('now','+".$expiry_duration." days') order by expiry_date asc ");
$expiry_results = $expiry_stmt->fetchall();
我收到了一个错误
<b>Message:</b> SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''-180 days') group by extRefID,pointType order by creditid desc' at line 1 </p>
我能做什么我无法解决问题
似乎你以错误的方式使用MySQL Date函数 - 你真的计划使用php日期函数吗?而不是例如
"[...] credit_date >= date('now','-".$history_days." days') group by [...]"
你必须写:
"[...] credit_date >= '".date('-'.$history_days.' days')."' group by [...]"
只有变量(例如$ history_days)将通过php在用双引号(")括起来的字符串中展开,而不是函数调用.如果你在字符串中包含一个函数调用,php无法识别它,它将被传递和mysql一样,而不是首先由php执行;但是你想要php来评估它,所以你必须将它从字符串常量中排除,并将它与串联运算符(.)一起添加到你的字符串中.
你的php日期函数调用似乎也是不正确的; 得到"当前日期减去一定天数",最好使用这样的mysql日期函数:
"[...] credit_date >= DATE_SUB(NOW(), INTERVAL '$history_days' DAY) group by [...]"
而就在一个对安全性的一般注意事项:这不是从一块你提供脚本的清晰,但如果在价值观$history_days,$history_length,$user_id或$expiry_duration(在SQL语句中使用的变量)都只能由用户设定的最遥远的机会,你不应该将它们直接插入到SQL语句中,而是做一些事情来阻止SQL注入.
| 归档时间: |
|
| 查看次数: |
596 次 |
| 最近记录: |