I have a problem selecting a table with many conditions, can someone help me?
$tbl_name =$_POST['report'];
if($tbl_name=="dailymeal")
$select = "SELECT * FROM '$tbl_name' where a4>='$tanggal_awal' and a4 <='$tanggal_akhir'";
if($table_name="infomeal")
{ $select = "SELECT * FROM `".$tbl_name."` where tanggal >=`".$tanggal_awal."` and tanggal <=`".$tanggal_akhir."`"; }
if($table_name="keluhan")
{ $select = "SELECT * FROM `".$tbl_name."` where tlapor >=`".$tanggal_awal."` and tlapor <=`".$tanggal_akhir."`"; }
if($table_name="perjalanan")
{ $select = "SELECT * FROM `".$tbl_name."` where request_date>=`".$tanggal_awal."` and request_date <=`".$tanggal_akhir."`"; }
if($table_name="tamu")
{ $select = "SELECT * FROM `".$tbl_name."` where jam_masuk>=`".$tanggal_awal."` and jam_masuk <=`".$tanggal_akhir."`"; }
if($table_name="tiket")
{ $select = "SELECT * FROM `".$tbl_name."` where waktu_input>=`".$tanggal_awal."` and waktu_input <=`".$tanggal_akhir."`"; }
if($table_name="trx_kons")
{ $select = "SELECT * FROM `".$tbl_name."` where date_trx>=`".$tanggal_awal."` and date_trx <=`".$tanggal_akhir."`"; }
if($table_name="uniform")
{ $select = "SELECT * FROM `".$tbl_name."` where reqtime >=`".$tanggal_awal."` and reqtime <=`".$tanggal_akhir."`"; }
if($table_name="konsumable")
{ $select = "SELECT * FROM `".$tbl_name."`"; }
mysql_query('SET NAMES utf8;');
$export = mysql_query($select);
The 'where' part of the query doesn't work at all. I'm trying to select all data between date1 and date2. What should I do here?
Answer 0 (score: 2)
First, you may want to change all of your $table_name to $tbl_name, because as it stands you are using two different variables for the table check. Or, to make it simpler, change all instances of $tbl_name to $table_name, which will require less work. So at this point either you are not sure which variable you want to use, or you have more code that you may not have shown us.
I.e.: if($tbl_name=="dailymeal") and if($table_name="infomeal")
Therefore, you most likely want to use this:
$table_name =$_POST['report'];
if($table_name=="dailymeal")
Now, you have single quotes in FROM '$tbl_name'; they need to be removed, or use backticks if you want to escape the name.
You should use (or intend to use) the same method as used in SELECT * FROM `".$tbl_name."`
Also, you are assigning with = instead of comparing with == in if($table_name="infomeal") and many others.
if($tbl_name=="dailymeal")
Comparison ==: http://www.php.net/manual/en/language.operators.comparison.php
Assignment =: http://www.php.net/manual/en/language.operators.assignment.php
Rewrite:
$tbl_name = $_POST['report']; // or $table_name, but use the same variable everywhere below
if($tbl_name=="dailymeal"){
    $select = "SELECT * FROM `".$tbl_name."` where a4>='$tanggal_awal' and a4 <='$tanggal_akhir'";
    // alternate method
    // $select = "SELECT * FROM $tbl_name where a4>='$tanggal_awal' and a4 <='$tanggal_akhir'";
}
// date values are quoted with single quotes; backticks are for identifiers only
if($tbl_name=="infomeal"){
    $select = "SELECT * FROM `".$tbl_name."` where tanggal >='".$tanggal_awal."' and tanggal <='".$tanggal_akhir."'";
}
if($tbl_name=="keluhan"){
    $select = "SELECT * FROM `".$tbl_name."` where tlapor >='".$tanggal_awal."' and tlapor <='".$tanggal_akhir."'";
}
if($tbl_name=="perjalanan"){
    $select = "SELECT * FROM `".$tbl_name."` where request_date>='".$tanggal_awal."' and request_date <='".$tanggal_akhir."'";
}
if($tbl_name=="tamu"){
    $select = "SELECT * FROM `".$tbl_name."` where jam_masuk>='".$tanggal_awal."' and jam_masuk <='".$tanggal_akhir."'";
}
if($tbl_name=="tiket"){
    $select = "SELECT * FROM `".$tbl_name."` where waktu_input>='".$tanggal_awal."' and waktu_input <='".$tanggal_akhir."'";
}
if($tbl_name=="trx_kons"){
    $select = "SELECT * FROM `".$tbl_name."` where date_trx>='".$tanggal_awal."' and date_trx <='".$tanggal_akhir."'";
}
if($tbl_name=="uniform"){
    $select = "SELECT * FROM `".$tbl_name."` where reqtime >='".$tanggal_awal."' and reqtime <='".$tanggal_akhir."'";
}
if($tbl_name=="konsumable"){
    $select = "SELECT * FROM `".$tbl_name."`";
}
mysql_query('SET NAMES utf8;');
$export = mysql_query($select);
Footnote:
Your current code is open to SQL injection. Use prepared statements or PDO.
mysql_* function deprecation notice:
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
Debugging / troubleshooting
Add error reporting to the top of your file(s), which will help with testing before production.
error_reporting(E_ALL);
ini_set('display_errors', 1);
Answer 1 (score: 1)
Try this. A basic cleanup, which at least brings some of the problems to light:
$select = '';
$tbl_name = $_POST['report'];
if ($tbl_name == "dailymeal") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE a4 >= '$tanggal_awal' AND a4 <= '$tanggal_akhir'";
}
if ($tbl_name == "infomeal") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE tanggal >= '" . $tanggal_awal . "' AND tanggal <= '" . $tanggal_akhir . "'";
}
if ($tbl_name == "keluhan") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE tlapor >= '" . $tanggal_awal . "' AND tlapor <= '" . $tanggal_akhir . "'";
}
if ($tbl_name == "perjalanan") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE request_date >= '" . $tanggal_awal . "' AND request_date <= '" . $tanggal_akhir . "'";
}
if ($tbl_name == "tamu") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE jam_masuk >= '" . $tanggal_awal . "' AND jam_masuk <= '" . $tanggal_akhir . "'";
}
if ($tbl_name == "tiket") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE waktu_input >= '" . $tanggal_awal . "' AND waktu_input <= '" . $tanggal_akhir . "'";
}
if ($tbl_name == "trx_kons") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE date_trx >= '" . $tanggal_awal . "' AND date_trx <= '" . $tanggal_akhir . "'";
}
if ($tbl_name == "uniform") {
    $select = "SELECT * FROM `" . $tbl_name . "` WHERE reqtime >= '" . $tanggal_awal . "' AND reqtime <= '" . $tanggal_akhir . "'";
}
if ($tbl_name == "konsumable") {
    $select = "SELECT * FROM `" . $tbl_name . "`";
}
if (!empty($select)) {
    mysql_query('SET NAMES utf8;');
    $export = mysql_query($select);
}
The problems, in no particular order, are the following:
$tbl_name in some places and $table_name in others. So I set them all to $tbl_name.
The if statements are actually all assignments. For example if($table_name="perjalanan") should use ==, so if($tbl_name == "perjalanan") is what you want.
The SELECT had SELECT * FROM '$tbl_name', which is invalid because of the single quotes ('), so I changed them all to match the rest: SELECT * FROM `".$tbl_name."`.
The if statements don't need the { } braces, but I find them very useful for readability. Same with basic indentation. Formatting code like this seems like a hassle, but at the end of the day it saves you time and makes the code more readable to others.
The . concatenation: "SELECT * FROM `".$tbl_name."`". You could just write it like this: "SELECT * FROM `$tbl_name`", because double quotes allow string substitution. But I just kept it with . and only added spaces, because I find that format more readable too.
Answer 2 (score: 0)
MySQL is deprecated. You should try at least MySQLi. Where does $table_name come from? I think you mean $tbl_name, right? You could try this:
<?php
/* ESTABLISH CONNECTION */
$connect=mysqli_connect("YourHost","YourUsername","YourPassword","YourDatabase");
if(mysqli_connect_errno()){
    echo "Error".mysqli_connect_error();
}
$tbl_name = mysqli_real_escape_string($connect,$_POST['report']); /* ESCAPE_STRING SUBMITTED DATA */
if($tbl_name=="dailymeal") {
    $select = "SELECT * FROM dailymeal WHERE a4>='$tanggal_awal' AND a4 <='$tanggal_akhir'";
}
if($tbl_name=="infomeal")
{ $select = "SELECT * FROM infomeal WHERE tanggal>='".$tanggal_awal."' AND tanggal <='".$tanggal_akhir."'"; }
if($tbl_name=="keluhan")
{ $select = "SELECT * FROM keluhan WHERE tlapor>='".$tanggal_awal."' AND tlapor <='".$tanggal_akhir."'"; }
if($tbl_name=="perjalanan")
{ $select = "SELECT * FROM perjalanan WHERE request_date>='".$tanggal_awal."' AND request_date <='".$tanggal_akhir."'"; }
if($tbl_name=="tamu")
{ $select = "SELECT * FROM tamu WHERE jam_masuk>='".$tanggal_awal."' AND jam_masuk <='".$tanggal_akhir."'"; }
if($tbl_name=="tiket")
{ $select = "SELECT * FROM tiket WHERE waktu_input>='".$tanggal_awal."' AND waktu_input <='".$tanggal_akhir."'"; }
if($tbl_name=="trx_kons")
{ $select = "SELECT * FROM trx_kons WHERE date_trx>='".$tanggal_awal."' AND date_trx <='".$tanggal_akhir."'"; }
if($tbl_name=="uniform")
{ $select = "SELECT * FROM uniform WHERE reqtime>='".$tanggal_awal."' AND reqtime <='".$tanggal_akhir."'"; }
if($tbl_name=="konsumable")
{ $select = "SELECT * FROM konsumable"; }
if(empty($select)){
    echo "Please fill the text box properly.";
}
else {
    mysqli_query($connect,'SET NAMES utf8;'); /* the connection is the first argument in mysqli */
    $export = mysqli_query($connect,$select);
}
?>
Answer 3 (score: 0)
Maybe try this:
$tbl_name = $_POST['report'];
// compare with ==, quote the table name with backticks and the date values with single quotes
if($tbl_name=="dailymeal")
{ $select = "SELECT * FROM `".$tbl_name."` where a4>='".$tanggal_awal."' and a4 <='".$tanggal_akhir."'"; }
if($tbl_name=="infomeal")
{ $select = "SELECT * FROM `".$tbl_name."` where tanggal >='".$tanggal_awal."' and tanggal <='".$tanggal_akhir."'"; }
if($tbl_name=="keluhan")
{ $select = "SELECT * FROM `".$tbl_name."` where tlapor >='".$tanggal_awal."' and tlapor <='".$tanggal_akhir."'"; }
if($tbl_name=="perjalanan")
{ $select = "SELECT * FROM `".$tbl_name."` where request_date>='".$tanggal_awal."' and request_date <='".$tanggal_akhir."'"; }
if($tbl_name=="tamu")
{ $select = "SELECT * FROM `".$tbl_name."` where jam_masuk>='".$tanggal_awal."' and jam_masuk <='".$tanggal_akhir."'"; }
if($tbl_name=="tiket")
{ $select = "SELECT * FROM `".$tbl_name."` where waktu_input>='".$tanggal_awal."' and waktu_input <='".$tanggal_akhir."'"; }
if($tbl_name=="trx_kons")
{ $select = "SELECT * FROM `".$tbl_name."` where date_trx>='".$tanggal_awal."' and date_trx <='".$tanggal_akhir."'"; }
if($tbl_name=="uniform")
{ $select = "SELECT * FROM `".$tbl_name."` where reqtime >='".$tanggal_awal."' and reqtime <='".$tanggal_akhir."'"; }
if($tbl_name=="konsumable")
{ $select = "SELECT * FROM `".$tbl_name."`"; }
mysql_query('SET NAMES utf8;');
$export = mysql_query($select);
Answer 4 (score: 0)
You also have a high risk of an injection attack - if someone sends something other than a table name in your parameter ($_POST['report'];).
Read more about injection attacks here: SQL injection that gets around mysql_real_escape_string()
Answer 5 (score: 0)
You could greatly simplify this code by using BETWEEN in SQL and a hash table to store the relationship between tables and columns.
$table_fields = array(
"dailymeal" => "a4",
"infomeal" => "tanggal",
"keluhan" => "tlapor",
...
);
$tbl_name = $_POST['report'];
// check to make sure that tbl_name is a proper table name - don't trust the user input!
$field_nm = $table_fields[$tbl_name];
$select = "SELECT * FROM $tbl_name where $field_nm BETWEEN '$tanggal_awal' and '$tanggal_akhir'";
You could do some other cleanup, like making sure the values are properly escaped and/or using bind variables, but the basic idea is to identify the patterns in your logic and schema and use them to simplify the code.
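As an added example (not code from any answer above) that puts together Answer 0's footnote and the idea in this answer: the table-to-column map doubles as the whitelist for the table name, since identifiers cannot be bound or escaped, and the two dates are bound through PDO. The column names come from the question; the connection details and the POST field names tanggal_awal and tanggal_akhir are assumptions.

```php
<?php
// Added example, not code from any answer above: whitelist the report name
// (identifiers cannot be bound), then bind the two dates with PDO.
// Table/column pairs come from the question's queries; the connection
// details and the POST field names for the dates are assumptions.
$table_fields = [
    'dailymeal'  => 'a4',
    'infomeal'   => 'tanggal',
    'keluhan'    => 'tlapor',
    'perjalanan' => 'request_date',
    'tamu'       => 'jam_masuk',
    'tiket'      => 'waktu_input',
    'trx_kons'   => 'date_trx',
    'uniform'    => 'reqtime',
    'konsumable' => null,            // this report has no date filter
];
function isDate(string $s): bool
{
    $d = DateTime::createFromFormat('Y-m-d', $s);
    return $d !== false && $d->format('Y-m-d') === $s;
}

$report = $_POST['report'] ?? '';
$awal   = $_POST['tanggal_awal'] ?? '';
$akhir  = $_POST['tanggal_akhir'] ?? '';

// Unknown report names never reach the SQL string: the lookup is the check.
if (!array_key_exists($report, $table_fields)) {
    http_response_code(400);
    exit('Unknown report.');
}
$column = $table_fields[$report];
$sql    = "SELECT * FROM `$report`";   // $report is now one of our own literals
$params = [];
if ($column !== null) {
    if (!isDate($awal) || !isDate($akhir)) {
        http_response_code(400);
        exit('Dates must be YYYY-MM-DD.');
    }
    $sql .= " WHERE `$column` BETWEEN :awal AND :akhir";
    $params = [':awal' => $awal, ':akhir' => $akhir];
}

$pdo = new PDO('mysql:host=YourHost;dbname=YourDatabase;charset=utf8mb4',
    'YourUsername', 'YourPassword',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);           // dates travel as parameters, not as SQL text
$export = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

The charset in the DSN replaces the separate SET NAMES call, and with emulated prepares disabled the date values are sent to the server separately from the statement text.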