[英]SQL Query Syntax when adding extra condition check
I'm trying to write a SQL query that fetches an id and date. 我正在尝试编写一个提取ID和日期的SQL查询。 I am having some troubles getting the syntax correct:
我在语法正确方面遇到一些麻烦:
$query = $this->pdo->prepare('SELECT * FROM `' . $this->table . '` WHERE `id` = ' . $id . ' AND `date` = ' . $date . '');
I originally had this without the second check against the date and it worked fine: 我最初没有对日期进行第二次检查就可以了,它工作得很好:
$query = $this->pdo->prepare('SELECT * FROM `' . $this->table . '` WHERE `id` = ' . $id . '');
but when I add the check for the date things go wrong. 但是当我添加日期支票时,出现了问题。
Please help me locate the syntax error. 请帮助我找到语法错误。 Thank you!
谢谢!
UPDATE: 更新:
tried this with no luck still: 仍然没有运气尝试过这个:
$query = $this->pdo->prepare('SELECT * FROM `' . $this->table . '` WHERE `id` = `' . $id. '` AND `date` = `' . $date . '` ');
As others have commented above, you didn't have quotes around your date. 正如其他人在上面的评论所述,您在日期前后没有报价。 Your syntax would create this SQL:
您的语法将创建以下SQL:
... WHERE `id` = 123 AND `date` = 2018-06-12 -- WRONG
But correct syntax is as follows. 但是正确的语法如下。 In other words, a date constant should be delimited by single-quotes.
换句话说,日期常数应该用单引号引起来。
... WHERE `id` = 123 AND `date` = '2018-06-12' -- RIGHT
Your second try with back-ticks is also wrong. 您第二次尝试使用反勾号也是错误的。 The back-ticks are for delimited identifiers like column names or table names.
反引号用于分隔标识符,例如列名或表名。 This syntax would mean that you're comparing
id
to a column whose name is 123
, and I assume you don't have such a column. 这种语法意味着您正在将
id
与名称为123
的列进行比较,并且我假设您没有这样的列。 Same for the back-ticks around the date—it's interpreted as a column named 2018-06-12
which is unlikely. 该日期前后的
2018-06-12
也一样,它被解释为名为2018-06-12
的列,这不太可能。 MySQL does not treat back-ticks the same as single-quotes. MySQL不会将反引号与单引号相同。
... WHERE `id` = `123` AND `date` = `2018-06-12` -- WRONG
However, there's a much easier solution. 但是,有一个更简单的解决方案。 You won't have to worry about quotes if you use query parameters:
如果使用查询参数,则不必担心引号:
$sql = "SELECT * FROM `{$this->table}` WHERE `id` = ? AND `date` = ?";
$stmt = $this->pdo->prepare($sql);
$stmt->execute([$id, $date]);
You're already using prepare()
, so you should use it to its best advantage and use query parameters (the ?
placeholders) instead of interpolating variables into your SQL query string. 您已经在使用
prepare()
,因此应该最大程度地利用它,并使用查询参数( ?
占位符),而不是将变量插值到SQL查询字符串中。
You don't need quotes around strings or dates when you use parameters. 使用参数时,不需要在字符串或日期前后加上引号。 In fact, you must NOT use quotes to delimit the
?
实际上,您不能使用引号分隔
?
parameter placeholders. 参数占位符。
Notice I also show the PHP syntax for putting a variable directly into a string without breaking the string and using .
请注意,我还展示了PHP语法,该语法可将变量直接放入字符串中而不破坏字符串并使用
.
for concatenation. 用于串联。 You can do this if your PHP string is delimited with double-quotes.
如果您的PHP字符串用双引号分隔,则可以执行此操作。 Read http://php.net/manual/en/language.types.string.php#language.types.string.parsing for details.
阅读http://php.net/manual/en/language.types.string.php#language.types.string.parsing了解详细信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.