在查询中使用$ get中的变量

Question

Have a php scripts that holds 2 functions. In the first function the query is using the $get to fetch time and date. The second function is making im trying to use the variable from the first function.

public function Execute( ) {


    if( $_GET['from'] && $_GET['to'] ){

        $from = $_GET['from'];
        $to = $_GET['to'];


       $query =  "SELECT * from historie_ordre where kode = ? AND time BETWEEN ? AND ? AND  order by time desc";
       $orders = DB::query( $query, $kode,  $from, $to )->fetchAll( DB::FETCH_ASSOC );


        Util::Debug( $orders  );
        $this->stats = $orders;

    }

    $this->kode = $kode;
    $this->from = $from;
    $this->to = $to;


}

second funstion:

     public function XLS(  ) {


 //trying to use this:
$from = intval($_GET['from']);
$to = intval($_GET['to']);
$kode = intval($_GET['kode']);



     $query =  "SELECT * from historie_ordre where kode = $kode AND time BETWEEN $from AND $to AND  order by time desc"; 

        $orders = DB::query( $query, $kode,  $from, $to )->fetchAll( DB::FETCH_ASSOC );


         $this->setTemplate( false );

         $oldreporting = error_reporting( 0 );

         require_once 'Spreadsheet/Excel/Writer.php';

// Creating a workbook
$workbook = new Spreadsheet_Excel_Writer();

// sending HTTP headers
$workbook->send('stabburet_stats.xls');

// Creating a worksheet
$worksheet =& $workbook->addWorksheet('My first worksheet');

// overskrift
//$worksheet->write(0, 0, 'Antall');
$worksheet->write(0, 1, 'kode');
$worksheet->write(0, 2, 'name');
$worksheet->write(0, 3, 'adress');


$i=1;
// for å få inn verdiane
foreach( $orders as $order ){
    $i++;
    //$worksheet->write($i, 0, $order['antall']);
    $worksheet->write($i, 1, $order['kode']);
    $worksheet->write($i, 2, utf8_decode( $order['name'] ) );
    $worksheet->write($i, 3, utf8_decode ($order['adress']) );


}        

// Sender fila
$workbook->close();
         error_reporting( $oldreporting );

      }



    }

The first function is working. second is only working with "hardcoding" the variables.

Answer 1

It was pointed out to you in comments you need to be more careful and use the same techniques consistently. I also don't believe that the first function works , because your query syntax in each place is wrong.

The problem at very least is that you have an incorrect SELECT syntax with a spurious AND at the end. You also are using a column named time, which is a mysql reserved word. That might also be a problem, that can be mitigated by using the `column name` syntax.

 $query =  "SELECT * 
            from historie_ordre 
            WHERE kode = $kode 
                AND time BETWEEN $from AND $to AND  
            order by time desc";

Needs to be:

  $query =  "SELECT * 
             FROM historie_ordre
             WHERE kode = ? 
             AND `time` BETWEEN ? AND ? 
             ORDER BY `time` DESC";

Updated:

Now that we have more information from you, the problem can also be traced to here:

$from = intval($_GET['from']);
$to = intval($_GET['to']);
$kode = intval($_GET['kode']);

The problem is that your from and to need to be strings in date format. You are forcing them to be zeros by turning them into integers. So again your query is not going to function.

$from = $_GET['from'];
$to = $_GET['to'];
$kode = intval($_GET['kode']);