Php执行查询返回错误的输出
我需要帮助我在代码中添加了过滤器,它们都工作正常,但只有月份和年份过滤器会产生冲突,尽管当我在PHPMyAdmin中打印SQL时,我得到了所需的结果,但不是HTML格式 请检查我下面的代码Php执行查询返回错误的输出,php,mysql,database,wordpress,Php,Mysql,Database,Wordpress,我需要帮助我在代码中添加了过滤器,它们都工作正常,但只有月份和年份过滤器会产生冲突,尽管当我在PHPMyAdmin中打印SQL时,我得到了所需的结果,但不是HTML格式 请检查我下面的代码 global $wpdb; if(isset($_GET['datepickervalue']) && !empty($_GET['datepickervalue'])){ $quotecreateddate = $_G
global $wpdb;
if(isset($_GET['datepickervalue']) && !empty($_GET['datepickervalue'])){
$quotecreateddate = $_GET['datepickervalue'];
}else{
$quotecreateddate = '';
}
if(isset($_GET['quotes_vehicle']) && !empty($_GET['quotes_vehicle'])){
$quotes_vehicle = $_GET['quotes_vehicle'];
}else{
$quotes_vehicle = '';
}
if(isset($_GET['quotes_departure']) && !empty($_GET['quotes_departure'])){
$quotes_departure = $_GET['quotes_departure'];
}else{
$quotes_departure = '';
}
if(isset($_GET['quotes_destination']) && !empty($_GET['quotes_destination'])){
$quotes_destination = $_GET['quotes_destination'];
}else{
$quotes_destination = '';
}
if(isset($_GET['quote_number']) && !empty($_GET['quote_number'])){
$quote_number = $_GET['quote_number'];
}else{
$quote_number = '';
}
if(isset($_GET['quotes_length']) && !empty($_GET['quotes_length'])){
$quotes_length = $_GET['quotes_length'];
}else{
$quotes_length = 10;
}
$sql = "SELECT * FROM ". $wpdb->prefix ."quotes AS q LEFT JOIN ". $wpdb->prefix ."vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN ". $wpdb->prefix ."departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN ". $wpdb->prefix ."destination AS des ON q.destination_port = des.destination_id " ;
$sql .= " WHERE form_id = 1 ";
$total_query = "SELECT COUNT(id) FROM ". $wpdb->prefix ."quotes AS q LEFT JOIN ". $wpdb->prefix ."vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN ". $wpdb->prefix ."departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN ". $wpdb->prefix ."destination AS des ON q.destination_port = des.destination_id ";
$total_query .= " WHERE form_id = 1 ";
if(isset($quotes_vehicle) && !empty($quotes_vehicle)){
$sql .= " AND q.vehicle = '".$_GET['quotes_vehicle']."' ";
$total_query .= " AND q.vehicle = '".$_GET['quotes_vehicle']."' ";
}
if(isset($quotes_departure) && !empty($quotes_departure)){
$sql .= " AND q.departure_port = '".$_GET['quotes_departure']."' ";
$total_query .= " AND q.departure_port = '".$_GET['quotes_departure']."' ";
}
if(isset($quotes_destination) && !empty($quotes_destination)){
$sql .= " AND q.destination_port = '".$_GET['quotes_destination']."' ";
$total_query .= " AND q.destination_port = '".$_GET['quotes_destination']."' ";
}
if(isset($quote_number) && !empty($quote_number)){
$sql .= " AND q.id LIKE '%".$_GET['quote_number']."%' ";
$total_query .= " AND q.id LIKE '%".$_GET['quote_number']."%' ";
}
if(isset($quotecreateddate) && !empty($quotecreateddate)){
$sql .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' ) = '".$quotecreateddate."' ";
$total_query .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' ) = '".$quotecreateddate."' ";
}
if(isset($quotes_length) && !empty($quotes_length)){
$sql .= " ORDER BY `id` DESC ";
$total_query .= " ORDER BY `id` DESC ";
}
echo $sql;
if(isset($_GET['paged']) && !empty($_GET['paged'])){
$paged = $_GET['paged'];
}else{
$paged = 1;
}
$total = $wpdb->get_var( $total_query );
$items_per_page = $quotes_length;
$offset = ( $paged * $items_per_page ) - $items_per_page;
$sql .= " LIMIT ${offset}, ${items_per_page}";
$getallquotes = $wpdb->get_results( $sql);
提前谢谢
< p>这可能解决不了问题(也不一定是答案),但是你应该考虑修剪你的代码:<?php
global $wpdb;
// Set all your empty variables here. No reason to use an else statement.
$quote_created_date = '';
$quotes_vehicle = '';
$quotes_departure = '';
$quotes_destination = '';
$quote_number = '';
$quotes_length = 10;
if ( isset( $_GET[ 'datepickervalue' ] ) && ! empty( $_GET[ 'datepickervalue' ] ) ) {
$quote_created_date = esc_sql( $_GET[ 'datepickervalue' ] );
}
if ( isset( $_GET[ 'quotes_vehicle' ] ) && ! empty( $_GET[ 'quotes_vehicle' ] ) ) {
$quotes_vehicle = esc_sql( $_GET[ 'quotes_vehicle' ] );
}
if ( isset( $_GET[ 'quotes_departure' ] ) && ! empty( $_GET[ 'quotes_departure' ] ) ) {
$quotes_departure = esc_sql( $_GET[ 'quotes_departure' ] );
}
if ( isset( $_GET[ 'quotes_destination' ] ) && ! empty( $_GET[ 'quotes_destination' ] ) ) {
$quotes_destination = esc_sql( $_GET[ 'quotes_destination' ] );
}
if ( isset( $_GET[ 'quote_number' ] ) && ! empty( $_GET[ 'quote_number' ] ) ) {
$quote_number = esc_sql( $_GET[ 'quote_number' ] );
}
if ( isset( $_GET[ 'quotes_length' ] ) && ! empty( $_GET[ 'quotes_length' ] ) ) {
$quotes_length = esc_sql( $_GET[ 'quotes_length' ] );
}
$sql = "SELECT * FROM " . $wpdb->prefix . "quotes AS q LEFT JOIN " . $wpdb->prefix . "vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN " . $wpdb->prefix . "departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN " . $wpdb->prefix . "destination AS des ON q.destination_port = des.destination_id ";
$sql .= " WHERE form_id = 1 ";
$total_query = "SELECT COUNT(id) FROM " . $wpdb->prefix . "quotes AS q LEFT JOIN " . $wpdb->prefix . "vehicles AS v ON q.vehicle = v.vehicle_id LEFT JOIN " . $wpdb->prefix . "departure AS dep ON q.departure_port = dep.departure_id LEFT JOIN " . $wpdb->prefix . "destination AS des ON q.destination_port = des.destination_id ";
$total_query .= " WHERE form_id = 1 ";
// Now just check if your variables are empty or not.
if ( ! empty( $quotes_vehicle ) ) {
$sql .= " AND q.vehicle = '" . $quotes_vehicle . "' ";
$total_query .= " AND q.vehicle = '" . $quotes_vehicle . "' ";
}
if ( ! empty( $quotes_departure ) ) {
$sql .= " AND q.departure_port = '" . $quotes_departure . "' ";
$total_query .= " AND q.departure_port = '" . $quotes_departure . "' ";
}
if ( ! empty( $quotes_destination ) ) {
$sql .= " AND q.destination_port = '" . $quotes_destination . "' ";
$total_query .= " AND q.destination_port = '" . $quotes_destination . "' ";
}
if ( ! empty( $quote_number ) ) {
$sql .= " AND q.id LIKE '%" . $quote_number . "%' ";
$total_query .= " AND q.id LIKE '%" . $quote_number . "%' ";
}
if ( ! empty( $quote_created_date ) ) {
$sql .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' ) = '" . $quote_created_date . "' ";
$total_query .= "AND DATE_FORMAT(q.created_at , '%Y-%m-%d' ) = '" . $quote_created_date . "' ";
}
// No need to wrap this in an if statement since you are setting the value as 10 if there isn't a value.
$sql .= " ORDER BY `id` DESC ";
$total_query .= " ORDER BY `id` DESC ";
echo $sql;
if ( isset( $_GET[ 'paged' ] ) && ! empty( $_GET[ 'paged' ] ) ) {
$paged = $_GET[ 'paged' ];
} else {
$paged = 1;
}
$total = $wpdb->get_var( $total_query );
$items_per_page = $quotes_length;
$offset = ( $paged * $items_per_page ) - $items_per_page;
$sql .= " LIMIT ${offset}, ${items_per_page}";
$getallquotes = $wpdb->get_results( $sql );
如果您在phpMyAdmin上获得了很好的结果,但在脚本本身上没有,那么就执行echo($sql);死亡($sql)
并验证sql查询是否相同
在调用此页面的页面上,验证URL GET变量的URL编码是否正确
最后,应该使用类似于mysql\u real\u escape\u string()的方法对变量进行适当的清理这样,在启动时就不会发生SQL注入攻击。欢迎使用堆栈溢出!为什么在第二组if
语句中使用$\u GET['quotes\u vehicle']
?通过检查变量是否已设置且不为空,您已经声明了保存该信息的变量。您可以考虑将第二组if语句缩短为<代码>((空)(变量))>代码>,因为您知道它已经设置在第一组<代码> >如果< /Cord>中,您将值赋值给它们。即使查询也显示正确当我关闭foreach变量时,它也没有显示sql查询正在打印的输出我没有看到任何foreach,你是说:$wpdb->get_results($sql)?它显示的是哪个输出,有什么不同?我认为问题在于从数据库$datetime=date('dmy-h:I:sa',strottime($quote->created_at))获取日期;这显示的日期不对in@Dharman这并不是一个答案,只是他们代码的一个清理版本,使用WP内置的sql转义提供了一点安全保护。OP在制作中所做的是另一回事。为什么不写一个答案来解决他们的问题并防止SQL注入呢?