PHP MYSQL不硬编码Limit子句的值时出错
在尝试使用通过$\u get[]检索的值时,我会获取并出错,尤其是$start和$end,我使用它们来限制结果的数量。每当我硬编码最底层代码中的值时,服务器都会毫无问题地获取结果。为什么我不能传递一个参数来限制使用PHP PDO为MySQL准备的语句 这就是我得到的错误PHP MYSQL不硬编码Limit子句的值时出错,php,mysql,pdo,Php,Mysql,Pdo,在尝试使用通过$\u get[]检索的值时,我会获取并出错,尤其是$start和$end,我使用它们来限制结果的数量。每当我硬编码最底层代码中的值时,服务器都会毫无问题地获取结果。为什么我不能传递一个参数来限制使用PHP PDO为MySQL准备的语句 这就是我得到的错误 Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 10
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '20'
ORDER by orders.order_placed' at line 10' in /base/data/home/apps/s~beta/1.383539951926438776/admin/get/getorderitems.php:35
Stack trace:
#0 /base/data/home/apps/s~beta/1.383539951926438776/admin/get/getorderitems.php(35): PDOStatement->execute()
#1 {main}
thrown in /base/data/home/apps/s~beta/1.383539951926438776/admin/get/getorderitems.php on line 35
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
require('../../dbconnect.php');
$stadiums_id = $_GET['stadiums_id'];
$time = $_GET['time'];
$time_12ago = $time - 43200000; // last 12 hours
$start = 0 + $_GET['start']; // used for limit clause
$end = $start + 20;
$page = $_GET['page'];
$json;
// incoming order
if($page === "incoming"){
$statement=$con->prepare('SELECT orders.*,orders_has_items.*,
customers.id,customers.fname,customers.lname,items.*
FROM orders_has_items,items,orders,customers
WHERE orders.stadiums_id = :stadiums_id
AND orders_has_items.items_id = items.id
AND orders.id = orders_has_items.orders_id
AND customers.id = orders.customers_id
AND (orders.order_prepared IS NULL)
AND orders.create_time BETWEEN :time_12ago AND :time
ORDER by orders.order_placed
limit :start, :end');
$statement->bindParam(':stadiums_id',$stadiums_id); // bind param to variable
$statement->bindParam(':time_12ago',$time_12ago); // bind param to variable
$statement->bindParam(':time',$time); // bind param to variable
$statement->bindParam(':start',$start); // bind param to variable
$statement->bindParam(':end',$end); // bind param to variable
$statement->execute();
$results=$statement->fetchAll(PDO::FETCH_ASSOC);
$json=json_encode($results);
}
默认情况下,
bindParam()
将参数绑定为字符串。在将值传递给bind函数之前将其强制转换为整数,并将数据类型设置为PDO::PARAM_INT
$statement->bindParam(':start',(int)$start, PDO::PARAM_INT)); // bind param to variable
$statement->bindParam(':end',(int)$end, PDO::PARAM_INT)); // bind param to variable
我想你是对的!它添加了单引号,我早些时候尝试将它转换为int,希望它能删除它们。我要试试他们的施法,看看能不能解决这个问题。谢谢你的链接!请参阅错误消息中的双引号,
“0”
?它被读取为字符串而不是INT。在我需要数据库连接文件$dbconnect->setAttribute(PDO::ATTR\u EMULATE\u PREPARES,false)之后,我在右上角添加了这一行代码>这似乎工作得很完美。增加那一行有什么问题吗?
$statement->bindParam(':start',(int)$start, PDO::PARAM_INT)); // bind param to variable
$statement->bindParam(':end',(int)$end, PDO::PARAM_INT)); // bind param to variable