这个MySQL查询有效吗?
[英]Is this MySQL query valid?
问题描述
So I came across this when I visited a friend. 
因此,当我拜访朋友时遇到了这个问题。 He is trying to show in a table data from his created DB. 他正试图在表中显示其创建的数据库中的数据。
This is the part where he asks for the Start and End dates: 这是他要求开始和结束日期的部分:
<form method="post">
<input type="date" name="Date1" value="<?php echo $_POST['StartD'] ?>" style="position:absolute; top:2em; left:7em;">
<p style="font-family:Calibri; color:green; font-size:15px; position: absolute; top: 1em; left: 18em;">to</p>
<input type="date" name="Date2" value="<?php echo $_POST['EndD'] ?>" style="position:absolute; top:2em; left:23em;"><br />
<input type="submit" id="Sbtn" style="cursor: pointer;" name="search_projects" value="Search">
</form>
This is now his MySQL query: 现在这是他的MySQL查询:
$sql= "SELECT * FROM statisticData WHERE accessDate LIKE '%" . $_POST['StartD'] . "%' OR accessDate LIKE '%" . $_POST['EndD'] . "%' ORDER BY accessDate ASC";
Whenever he chooses the Star date: 09-13-13 and an End date: 09-13-13 , the dates such as 09-12-13 also appears in the table. 每当他选择的明星日期: 09-13-13和结束日期: 09-13-13 ,日期,如09-12-13也出现在表格中。 I told him to go and ask the professionals and he says he's too shy. 我告诉他去问专业人士,他说他太害羞了。 So I'm asking instead. 所以我要问。
Here's his code: 这是他的代码:
<div class="scrollableTable">
<center><table class="font1" border="3px solid white" width="70%">
<thead>
<tr id="tblRow">
<th id="tblData" width="20%">Access Date</td>
<th id="tblData" width="15%">ID number</td>
<th id="tblData" width="35%">Name</td>
<th id="tblData" width="20%">Keyword</td>
</tr>
</thead>
<?php
if ($_POST['search_projects']){
$con= mysql_connect("...","...","...") or die ('Error: ' . mysql_error());
mysql_select_db("...");
$sql= "SELECT * FROM statisticData WHERE accessDate LIKE '%" . $_POST['StartD'] . "%' AND accessDate LIKE '%" . $_POST['EndD'] . "%' ORDER BY accessDate DESC";
$result= mysql_query($sql);
while($row= mysql_fetch_object($result))
{
$Date=$row->accessDate;
$ID=$row->IDnum;
$Name=$row->Sname;
$Key=$row->keyWord;
echo "<tr>";
echo "<td>" . $Date. " </td>" . " <td>" . $ID. " </td>" . " <td>" . $Name. " </td>". " <td>" . $Key. " </td>";
echo "</tr>";
}
echo "</table>";
echo "</center>";
}
?>
</div>
He wants to allow the user to browse the contents of the database using these date inputs. 他希望允许用户使用这些日期输入来浏览数据库的内容。
The problem is even when I choose the start and end dates, all the contents are shown in the table. 问题是,即使选择开始日期和结束日期,所有内容也会显示在表格中。 His query does not filter the results at all. 他的查询根本不过滤结果。 I told him to sleep it off, but he just keeps bugging me. 我告诉他不要睡,但他一直在烦我。 So what do you think should he do to finally get some sleep? 那么,您认为他应该怎么做才能最终入睡?
6 个解决方案
解决方案1
1 已采纳
People problem is in names: 人的问题是名字:
$sql= "SELECT * FROM statisticData WHERE accessDate LIKE '%" . $_POST['Date1'] . "%' OR accessDate LIKE '%" . $_POST['Date2'] . "%' ORDER BY accessDate ASC";
also: 也:
<form method="post">
<input type="date" name="Date1" value="<?php echo $_POST['Date1'] ?>" style="position:absolute; top:2em; left:7em;">
<p style="font-family:Calibri; color:green; font-size:15px; position: absolute; top: 1em; left: 18em;">to</p>
<input type="date" name="Date2" value="<?php echo $_POST['Date2'] ?>" style="position:absolute; top:2em; left:23em;"><br />
<input type="submit" id="Sbtn" style="cursor: pointer;" name="search_projects" value="Search">
</form>
Update: 更新:
- We have to convert time for MySQL 我们必须为MySQL转换时间
- And use BETWEEN statement 并使用BETWEEN语句
<?php
if ($_POST['search_projects']){
$startDate = date("Y-m-d", strtotime($_POST['Date1']));
$endDate = date("Y-m-d", strtotime($_POST['Date2']));
$con= mysql_connect("...","...","...") or die ('Error: ' . mysql_error());
mysql_select_db("...");
$sql= "SELECT * FROM statisticData WHERE accessDate BETWEEN '$startDate' AND '$endDate' ORDER BY accessDate DESC";
$result= mysql_query($sql);
...
解决方案2
0 2013-09-27 07:51:02
$sql= "
SELECT *
FROM statisticData
WHERE accessDate BETWEEN '{$_POST['StartD']}' AND '{$_POST['EndD']}
ORDER BY accessDate ASC
";
And please read How can I prevent SQL injection in PHP? 并且请阅读如何防止PHP中的SQL注入?
解决方案3
0 2013-09-27 07:52:24
it looks good Try to use this one 看起来不错尝试使用这个
$sql= "SELECT * FROM statisticData WHERE accessDate LIKE '" . $_POST['StartD'] . "' OR accessDate LIKE '" . $_POST['EndD'] . "' ORDER BY accessDate ASC";
OR use 或使用
$sql= "SELECT * FROM statisticData WHERE accessDate BETWEEN '" . $_POST['StartD'] . "' AND '" . $_POST['EndD'] . "' ORDER BY accessDate ASC";
解决方案4
0 2013-09-27 07:53:30
used this 用这个
$sql= "SELECT *
FROM `statisticData`
WHERE (accessDate BETWEEN '".$_POST['StartD']."' AND '" . $_POST['EndD'] . "') ORDER BY accessDate ASC";
解决方案5
0 2013-09-27 07:54:13
In my opinion it is a bad practice for three reasons: 我认为这是一种不良做法,原因有以下三个:
1) You have an SQL-injection vulnerability here - you must escape your input 1)您这里有一个SQL注入漏洞-您必须转义输入
2) If you use datetime format in your DB, but want to select by date without time - you should convert type with functions like DATE() 2)如果您在数据库中使用datetime格式,但想按日期选择而不带时间-您应该使用DATE()类的函数转换类型
3) Using LIKE statement is much more slower than exact comparison, which is for your needs is BETWEEN statement. 3)使用LIKE语句比精确比较要慢得多,这是您需要的BETWEEN语句。 And LIKE is mostly for just string-like data types LIKE主要用于仅字符串类型的数据类型
解决方案6
0 2013-09-27 07:55:06
is the data type of accessDate column a datetime, or is it a string? 是accessDate列的数据类型是日期时间,还是字符串? if it is datetime then try the following: 如果是日期时间,请尝试以下操作:
'SELECT * FROM `statisticData`
WHERE (accessDate BETWEEN ' . $_POST['StartD'] . ' AND ' . $_POST['EndD']) .
'ORDER BY accessDate ASC'
it should work, i'm now sql guru 它应该工作,我现在是sql guru
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.