PHP mssql_query删除，创建并从#temp表中选择

Question

I am trying to:

1. Delete a temp table if it exists.
2. Create a temp table with a selected data.
3. Select from the temp table.

I am getting "Parse error: parse error in C:\\xampp\\htdocs\\test.php on line 57.

Any help will be greatly appreciated!

Short Info:

• PHP Version 5.2.9
• MS SQL 2008 R2
• The queries executed in MS SQL work as expected

The PHP code below:

$query = "IF OBJECT_ID('tempdb..#temp') IS NOT NULL DROP TABLE #temp"
$result = mssql_query($query);

$query = "
SELECT *
INTO #temp
FROM (SELECT ROW_NUMBER() OVER (PARTITION BY key
      ORDER BY moment desc) AS Seq, *
FROM  reportstable) t
WHERE Seq = 1
and moment between '$_GET[od] $time' and '$_GET[do] $time1'"
$result = mssql_query($query);

$query = "select * from #temp"
$result = mssql_query($query);

Thanks in advance!

Answer 1

This will not work as written, for a couple reasons.

1. Temp tables as you're using them here are local only to the current session. In other words, #temp is disappearing after each of your calls to mssql_query() . If you need a temp table to persist across multiple contexts, it has to be a global temp table - ##temp .
2. Your code is wide open to SQL injection - you're using unsanitized input from the users. This is a massive security vulnerability that has existed for 2 decades and you're persisting it. Read up on PDO and parameterized queries/prepared statements.
3. Your query is probably malformed. Output the actual $query after constructing it and make sure that your datetime is properly formatted.

All that said, and assuming you fix your SQL injection vulnerability, the use of a temp table here is pointless and wasting resources. The following would be sufficient:

$query = "
SELECT *
FROM (SELECT ROW_NUMBER() OVER (PARTITION BY key
      ORDER BY moment desc) AS Seq, *
FROM  reportstable) t
WHERE Seq = 1
and moment between '$_GET[od] $time' and '$_GET[do] $time1'"
$result = mssql_query($query);

Answer 2

A working solution based on alroc suggestions:

The parse error was thrown due to missing semi-colon. And ## must be present at all times in order to be able to query the table.

// to delete the temp table
$query = "IF OBJECT_ID('tempdb..##temp') IS NOT NULL DROP TABLE ##temp";
$result = mssql_query($query);

// to initialize the temp table
$query = "
SELECT *
INTO ##temp
FROM (SELECT ROW_NUMBER() OVER (PARTITION BY test_key
      ORDER BY test_moment desc) AS Seq, *
FROM  reports_table) t
WHERE Seq = 1
and test_moment between '$_GET[od] $time' and '$_GET[do] $time1'";
$result = mssql_query($query);

// to query the temp table
select test_key
from ##temp
where x = 0
and y = 1
and z = 3

ps The above works in the same session only. If u call the same page in the same time from different sources, one will throw an error because of trying to drop the temp table.