[英]Empty result of query in PHP , but when I run an SQL query from PHPMyAdmin, it works
Empty result of query in PHP (wordpress), but when I run an SQL query from PHPMyAdmin, it works ! PHP(wordpress)中查询的结果为空,但是当我从PHPMyAdmin运行SQL查询时,它可以工作! And here is part of code, which returns empty array 这是代码的一部分,它返回空数组
<?php
global $wpdb;
$from = $_POST['amount'];
$to = $_POST['amount1'];
$query = "SELECT post_content
FROM `wp_postmeta`
INNER JOIN `wp_posts` ON wp_posts.ID = wp_postmeta.post_id
WHERE meta_key = 'product_price'
AND meta_value > '$from'
AND meta_value < '$to'";
$results = $wpdb->get_results($query);;
var_dump($results); // empty array
?>
Anyone can explain my the problem ? 任何人都可以解释我的问题吗? Thanks ! 谢谢 !
I believe the reason for this is that the input to the clauses regarding the meta_value column are being treated as strings. 我相信这样做的原因是,关于meta_value列的子句的输入被视为字符串。 You need to treat them as numerics. 您需要将它们视为数字。
Take a look at the 'query_posts' function in Wordpress. 看一下Wordpress中的'query_posts'函数。
$args = array(
'meta_query'=> array(
array(
'key' => 'product_price',
'compare' => '>',
'value' => $from,
'type' => 'numeric'
),
array(
'key' => 'product_price',
'compare' => '<',
'value' => $to,
'type' => 'numeric'
)
)
'posts_per_page' => 100
) );
query_posts( $args );
Alternatively, have your inputs treated as numerics, not strings. 或者,将输入视为数字,而不是字符串。 Remove the single quotes around them in your original query. 删除原始查询中的单引号。
global $wpdb;
$from = $_POST['amount'];
$to = $_POST['amount1'];
$query = "SELECT post_content
FROM `wp_postmeta`
INNER JOIN `wp_posts` ON wp_posts.ID = wp_postmeta.post_id
WHERE meta_key = 'product_price'
AND meta_value > $from
AND meta_value < $to";
$results = $wpdb->get_results($query);
var_dump($results);
I still highly recommend you get in the habit of sanitizing your input. 我仍然强烈建议您养成清理输入内容的习惯。
An added benefit of the first solution, is that the query_posts function will automatically sanitize your input, based on the input type provided. 第一个解决方案的另一个好处是,query_posts函数将根据提供的输入类型自动清理您的输入。
References: 参考文献:
I really care about security and all answers no one was concerned about it so I am adding the best solution for this because you should NEVER trust your inputs you need always to validate it. 我非常关心安全性,所有答案都没有人关心它,因此,我为此添加了最佳解决方案,因为您永远都不应信任您需要始终对其进行验证的输入。
Below should be a good working solution. 以下应该是一个好的工作解决方案。
Also you should read this and this . 另外,您应该阅读本和本 。
<?php
global $wpdb;
$from = $_POST['amount'];
$to = $_POST['amount1'];
$query = "SELECT post_content
FROM `wp_postmeta`
INNER JOIN `wp_posts` ON wp_posts.ID = wp_postmeta.post_id
WHERE meta_key = 'product_price'
AND meta_value > %d
AND meta_value < %d";
$results = $wpdb->get_results($wpdb->query($wpdb->prepare($query, $from, $to));
var_dump($results);
?>
Make sure $from
and $to
have numeric values. 确保$from
和$to
具有数值。
And then just remove the single quotes from the SQL query. 然后只需从SQL查询中删除单引号即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.