[英]PHP SQL concatenation
I have a SQL query in which I want to select records that where paid between two dates. 我有一个SQL查询,其中我想选择在两个日期之间付款的记录。
Here's how I build my query: 这是我建立查询的方式:
$qry = array();
$qry[] = "SELECT DISTINCT 2 AS Record_Type, wp_woocommerce_order_items.order_id As Order_Id, First_Name;
$qry[] = "FROM wp_woocommerce_order_items";
$qry[] = "LEFT JOIN (SELECT meta_value As First_Name, post_id FROM wp_postmeta WHERE meta_key = '_shipping_first_name') AS a";
$qry[] = "ON wp_woocommerce_order_items.order_id = a.post_id";
$qry[] = "RIGHT JOIN (SELECT post_id FROM wp_postmeta WHERE meta_key = '_paid_date' AND meta_value > " .$_POST['debut'] . " AND meta_value < " . $_POST['fin'] . ") AS m";
$qry[] = "ON wp_woocommerce_order_items.order_id = m.post_id";
$qry[] = "WHERE wp_woocommerce_order_items.order_item_type = 'line_item'";
$qry[] = "ORDER BY wp_woocommerce_order_items.order_id";
The problem is with my POST variables in the RIGHT JOIN line. 问题是我在RIGHT JOIN行中的POST变量。 If I hardcode a date instead of $_POST['debut'] and $_POST['fin'] I get the result I'm looking for. 如果我用硬编码而不是$ _POST ['debut']和$ _POST ['fin']的日期,则得到的结果是我想要的。
So I guess my problem is with concatenation from my PHP POST variables. 所以我想我的问题是来自我的PHP POST变量的串联。
Anyone can help me? 有人可以帮助我吗?
You need to quote your values, eg instead of 您需要引用您的值,例如
$qry[] = "RIGHT JOIN (SELECT post_id FROM wp_postmeta WHERE meta_key = '_paid_date' AND meta_value > " .$_POST['debut'] . " AND meta_value < " . $_POST['fin'] . ") AS m";
use 采用
$qry[] = "RIGHT JOIN (SELECT post_id FROM wp_postmeta WHERE meta_key = '_paid_date' AND meta_value > '" .$_POST['debut'] . "' AND meta_value < '" . $_POST['fin'] . "') AS m";
And please look for mysql_real_escape_string or other ways to avoid SQL injection attacks. 并且请寻找mysql_real_escape_string或其他避免SQL注入攻击的方法。
Use this 用这个
$qry[] = "SELECT DISTINCT 2 AS Record_Type, wp_woocommerce_order_items.order_id As Order_Id, First_Name
FROM wp_woocommerce_order_items
LEFT JOIN (SELECT meta_value As First_Name, post_id FROM wp_postmeta WHERE meta_key = '_shipping_first_name') AS a
ON wp_woocommerce_order_items.order_id = a.post_id
RIGHT JOIN (SELECT post_id FROM wp_postmeta WHERE meta_key = '_paid_date' AND meta_value > '" .$_POST['debut'] . "' AND meta_value < '" . $_POST['fin'] . "'') AS m
ON wp_woocommerce_order_items.order_id = m.post_id
WHERE wp_woocommerce_order_items.order_item_type = 'line_item'
ORDER BY wp_woocommerce_order_items.order_id";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.