添加额外条件检查时的SQL查询语法
[英]SQL Query Syntax when adding extra condition check
问题描述
I'm trying to write a SQL query that fetches an id and date. 
我正在尝试编写一个提取ID和日期的SQL查询。 I am having some troubles getting the syntax correct: 我在语法正确方面遇到一些麻烦:
$query = $this->pdo->prepare('SELECT * FROM `' . $this->table . '` WHERE `id` = ' . $id . ' AND `date` = ' . $date . '');
I originally had this without the second check against the date and it worked fine: 我最初没有对日期进行第二次检查就可以了,它工作得很好:
$query = $this->pdo->prepare('SELECT * FROM `' . $this->table . '` WHERE `id` = ' . $id . '');
but when I add the check for the date things go wrong. 但是当我添加日期支票时,出现了问题。
Please help me locate the syntax error. 请帮助我找到语法错误。 Thank you! 谢谢!
UPDATE: 更新:
tried this with no luck still: 仍然没有运气尝试过这个:
$query = $this->pdo->prepare('SELECT * FROM `' . $this->table . '` WHERE `id` = `' . $id. '` AND `date` = `' . $date . '` ');
1 个解决方案
解决方案1
2 2018-06-12 17:06:49
As others have commented above, you didn't have quotes around your date. 正如其他人在上面的评论所述,您在日期前后没有报价。 Your syntax would create this SQL: 您的语法将创建以下SQL:
... WHERE `id` = 123 AND `date` = 2018-06-12 -- WRONG
But correct syntax is as follows. 但是正确的语法如下。 In other words, a date constant should be delimited by single-quotes. 换句话说,日期常数应该用单引号引起来。
... WHERE `id` = 123 AND `date` = '2018-06-12' -- RIGHT
Your second try with back-ticks is also wrong. 您第二次尝试使用反勾号也是错误的。 The back-ticks are for delimited identifiers like column names or table names. 反引号用于分隔标识符,例如列名或表名。 This syntax would mean that you're comparing id to a column whose name is 123 , and I assume you don't have such a column. 这种语法意味着您正在将id与名称为123的列进行比较,并且我假设您没有这样的列。 Same for the back-ticks around the date—it's interpreted as a column named 2018-06-12 which is unlikely. 该日期前后的2018-06-12也一样,它被解释为名为2018-06-12的列,这不太可能。 MySQL does not treat back-ticks the same as single-quotes. MySQL不会将反引号与单引号相同。
... WHERE `id` = `123` AND `date` = `2018-06-12` -- WRONG
However, there's a much easier solution. 但是,有一个更简单的解决方案。 You won't have to worry about quotes if you use query parameters: 如果使用查询参数,则不必担心引号:
$sql = "SELECT * FROM `{$this->table}` WHERE `id` = ? AND `date` = ?";
$stmt = $this->pdo->prepare($sql);
$stmt->execute([$id, $date]);
You're already using prepare() , so you should use it to its best advantage and use query parameters (the ? placeholders) instead of interpolating variables into your SQL query string. 您已经在使用prepare() ,因此应该最大程度地利用它,并使用查询参数( ?占位符),而不是将变量插值到SQL查询字符串中。
You don't need quotes around strings or dates when you use parameters. 使用参数时,不需要在字符串或日期前后加上引号。 In fact, you must NOT use quotes to delimit the ? 实际上,您不能使用引号分隔? parameter placeholders. 参数占位符。
Notice I also show the PHP syntax for putting a variable directly into a string without breaking the string and using . 请注意,我还展示了PHP语法,该语法可将变量直接放入字符串中而不破坏字符串并使用. for concatenation. 用于串联。 You can do this if your PHP string is delimited with double-quotes. 如果您的PHP字符串用双引号分隔,则可以执行此操作。 Read http://php.net/manual/en/language.types.string.php#language.types.string.parsing for details. 阅读http://php.net/manual/en/language.types.string.php#language.types.string.parsing了解详细信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.