【问题标题】:Php Execute Query returns wrong outputPHP 执行查询返回错误的输出
【发布时间】:2020-04-23 14:41:00
【问题描述】:

我需要帮助我已经在我的代码中添加了过滤器,它们都工作正常,但只有月和年过滤器会产生冲突,尽管当我在 PHPMyAdmin 中打印 SQL 时,我得到了想要的结果,但不是 HTML 形式。

请检查我下面的代码

global $wpdb;

                if(isset($_GET['datepickervalue']) && !empty($_GET['datepickervalue'])){
                    $quotecreateddate = $_GET['datepickervalue'];
                }else{
                    $quotecreateddate = '';
                }
                if(isset($_GET['quotes_vehicle']) && !empty($_GET['quotes_vehicle'])){
                    $quotes_vehicle = $_GET['quotes_vehicle'];
                }else{
                    $quotes_vehicle = '';
                }

                if(isset($_GET['quotes_departure']) && !empty($_GET['quotes_departure'])){
                    $quotes_departure = $_GET['quotes_departure'];
                }else{
                    $quotes_departure = '';
                }
                if(isset($_GET['quotes_destination']) && !empty($_GET['quotes_destination'])){
                    $quotes_destination = $_GET['quotes_destination'];
                }else{
                    $quotes_destination = '';
                }

                if(isset($_GET['quote_number']) && !empty($_GET['quote_number'])){
                    $quote_number = $_GET['quote_number'];
                }else{
                    $quote_number = '';
                }

                if(isset($_GET['quotes_length']) && !empty($_GET['quotes_length'])){
                    $quotes_length = $_GET['quotes_length'];
                }else{
                    $quotes_length = 10;
                }
                $sql = "SELECT * FROM ". $wpdb->prefix ."quotes AS q LEFT JOIN ". $wpdb->prefix ."vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN ". $wpdb->prefix ."departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN ". $wpdb->prefix ."destination AS des ON q.destination_port = des.destination_id " ;
                $sql .= " WHERE form_id = 1 ";

                $total_query = "SELECT COUNT(id) FROM ". $wpdb->prefix ."quotes AS q LEFT JOIN  ". $wpdb->prefix ."vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN ". $wpdb->prefix ."departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN ". $wpdb->prefix ."destination AS des ON q.destination_port = des.destination_id ";

                $total_query .= " WHERE form_id = 1 ";




                if(isset($quotes_vehicle) && !empty($quotes_vehicle)){
                    $sql .= " AND q.vehicle = '".$_GET['quotes_vehicle']."' ";
                    $total_query .= " AND q.vehicle = '".$_GET['quotes_vehicle']."' ";
                }
                if(isset($quotes_departure) && !empty($quotes_departure)){
                    $sql .= " AND q.departure_port = '".$_GET['quotes_departure']."' ";
                    $total_query .= " AND q.departure_port = '".$_GET['quotes_departure']."' ";
                }
                if(isset($quotes_destination) && !empty($quotes_destination)){
                    $sql .= " AND q.destination_port = '".$_GET['quotes_destination']."' ";
                    $total_query .= " AND q.destination_port = '".$_GET['quotes_destination']."' ";
                }
                if(isset($quote_number) && !empty($quote_number)){
                    $sql .= " AND q.id LIKE '%".$_GET['quote_number']."%' ";
                    $total_query .= " AND q.id LIKE '%".$_GET['quote_number']."%' ";
                }
            if(isset($quotecreateddate) && !empty($quotecreateddate)){
                    $sql .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' )  = '".$quotecreateddate."' ";
                    $total_query .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' )  = '".$quotecreateddate."' ";
                }
                if(isset($quotes_length) && !empty($quotes_length)){
                    $sql .= " ORDER BY `id` DESC ";
                    $total_query .= " ORDER BY `id` DESC ";
                }

                echo $sql;
                if(isset($_GET['paged']) && !empty($_GET['paged'])){
                    $paged = $_GET['paged'];
                }else{
                    $paged = 1;
                }
                $total              = $wpdb->get_var( $total_query );
                $items_per_page     = $quotes_length; 
                $offset             = ( $paged * $items_per_page ) - $items_per_page;
                $sql .= " LIMIT ${offset}, ${items_per_page}";

                $getallquotes       = $wpdb->get_results( $sql);

我得到的结果对于我使用 foreach 循环获取的 HTML 中的所有日期都是相同的,total_query 中的分页计数也显示正确,但 SQL 查询仅显示每个日期的最后添加条目

提前感谢您的帮助

【问题讨论】:

  • 欢迎来到 Stack Overflow!为什么在第二组if 语句中使用$_GET['quotes_vehicle']?通过检查变量 isset 是否为空,您已经声明了保存该信息的变量。您可以考虑将第二组 if 语句缩短为仅 ( ! empty( variable ) ),因为您知道它已经在您为它们分配值的第一组 if 中设置。
  • 好的,现在我已经从第二个 if 语句中删除了它们

标签: php mysql database wordpress


【解决方案1】:

如果您在 phpMyAdmin 上获得了很好的结果,但在脚本本身上却没有,那么请执行 echo($sql); die($sql); 并验证 sql 查询是否相同。

在调用此页面的页面上,验证 URL GET 变量的 URL 编码是否正确。

最后,应该使用mysql_real_escape_string(); 之类的东西对变量进行适当的清理,这样当它上线时就不会发生 SQL 注入攻击。

【讨论】:

  • 我确实打印了 echo $sql,即使查询也显示正确
  • 当我死掉 foreach 变量时,它不会显示正在打印的 sql 查询的输出
  • 我没有看到任何 foreach,你在说:$wpdb->get_results( $sql); 吗?它显示的是哪个输出,有什么不同?
【解决方案2】:

这可能无法解决问题(也不一定是答案),但您应该考虑精简代码:

<?php
global $wpdb;

// Set all your empty variables here. No reason to use an else statement.
$quote_created_date = '';
$quotes_vehicle     = '';
$quotes_departure   = '';
$quotes_destination = '';
$quote_number       = '';
$quotes_length      = 10;


if ( isset( $_GET[ 'datepickervalue' ] ) && ! empty( $_GET[ 'datepickervalue' ] ) ) {
    $quote_created_date = esc_sql( $_GET[ 'datepickervalue' ] );
}

if ( isset( $_GET[ 'quotes_vehicle' ] ) && ! empty( $_GET[ 'quotes_vehicle' ] ) ) {
    $quotes_vehicle = esc_sql( $_GET[ 'quotes_vehicle' ] );
}

if ( isset( $_GET[ 'quotes_departure' ] ) && ! empty( $_GET[ 'quotes_departure' ] ) ) {
    $quotes_departure = esc_sql( $_GET[ 'quotes_departure' ] );
}

if ( isset( $_GET[ 'quotes_destination' ] ) && ! empty( $_GET[ 'quotes_destination' ] ) ) {
    $quotes_destination = esc_sql( $_GET[ 'quotes_destination' ] );
}

if ( isset( $_GET[ 'quote_number' ] ) && ! empty( $_GET[ 'quote_number' ] ) ) {
    $quote_number = esc_sql( $_GET[ 'quote_number' ] );
}

if ( isset( $_GET[ 'quotes_length' ] ) && ! empty( $_GET[ 'quotes_length' ] ) ) {
    $quotes_length = esc_sql( $_GET[ 'quotes_length' ] );
}

$sql = "SELECT * FROM " . $wpdb->prefix . "quotes AS q LEFT JOIN " . $wpdb->prefix . "vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN " . $wpdb->prefix . "departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN " . $wpdb->prefix . "destination AS des ON q.destination_port = des.destination_id ";
$sql .= " WHERE form_id = 1 ";

$total_query = "SELECT COUNT(id) FROM " . $wpdb->prefix . "quotes AS q LEFT JOIN  " . $wpdb->prefix . "vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN " . $wpdb->prefix . "departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN " . $wpdb->prefix . "destination AS des ON q.destination_port = des.destination_id ";

$total_query .= " WHERE form_id = 1 ";

// Now just check if your variables are empty or not.
if ( ! empty( $quotes_vehicle ) ) {
    $sql         .= " AND q.vehicle = '" . $quotes_vehicle . "' ";
    $total_query .= " AND q.vehicle = '" . $quotes_vehicle . "' ";
}
if ( ! empty( $quotes_departure ) ) {
    $sql         .= " AND q.departure_port = '" . $quotes_departure . "' ";
    $total_query .= " AND q.departure_port = '" . $quotes_departure . "' ";
}
if ( ! empty( $quotes_destination ) ) {
    $sql         .= " AND q.destination_port = '" . $quotes_destination . "' ";
    $total_query .= " AND q.destination_port = '" . $quotes_destination . "' ";
}
if ( ! empty( $quote_number ) ) {
    $sql         .= " AND q.id LIKE '%" . $quote_number . "%' ";
    $total_query .= " AND q.id LIKE '%" . $quote_number . "%' ";
}
if ( ! empty( $quote_created_date ) ) {
    $sql         .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' )  = '" . $quote_created_date . "' ";
    $total_query .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' )  = '" . $quote_created_date . "' ";
}

// No need to wrap this in an if statement since you are setting the value as 10 if there isn't a value.
$sql         .= " ORDER BY `id` DESC ";
$total_query .= " ORDER BY `id` DESC ";

echo $sql;
if ( isset( $_GET[ 'paged' ] ) && ! empty( $_GET[ 'paged' ] ) ) {
    $paged = $_GET[ 'paged' ];
} else {
    $paged = 1;
}
$total          = $wpdb->get_var( $total_query );
$items_per_page = $quotes_length;
$offset         = ( $paged * $items_per_page ) - $items_per_page;
$sql            .= " LIMIT ${offset}, ${items_per_page}";

$getallquotes = $wpdb->get_results( $sql );

【讨论】:

  • 我认为问题在于从数据库中获取日期 $datetime = date('d M Y - h:i:s A', strtotime($quote->created_at));这是在中显示错误的日期
  • @Dharman 这不是一个答案,只是他们代码的清理版本,使用内置 sql 转义的 WP 进行了一些安全防护。 OP 在生产上的作用是另一回事。为什么不写一个答案来解决他们的问题并防止 SQL 注入?
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 2015-07-27
  • 1970-01-01
  • 2012-12-29
  • 1970-01-01
  • 2019-05-05
  • 2016-06-29
  • 1970-01-01
相关资源
最近更新 更多