php mysql大小写语法错误
以下是opencart的一部分: model/catalog/product.phpphp mysql大小写语法错误,php,mysql,sql,syntax,case,Php,Mysql,Sql,Syntax,Case,以下是opencart的一部分: model/catalog/product.php if (!empty($data['filter_manufacturer_id'])) { $sql .= " AND p.manufacturer_id = '" . (int)$data['filter_manufacturer_id'] . "'"; } $sql .= " GROUP BY p.product_id"; $sort_data = array( 'pd.name',
if (!empty($data['filter_manufacturer_id'])) {
$sql .= " AND p.manufacturer_id = '" . (int)$data['filter_manufacturer_id'] . "'";
}
$sql .= " GROUP BY p.product_id";
$sort_data = array(
'pd.name',
'p.model',
'p.quantity',
'p.price',
'rating',
'p.sort_order',
'p.date_added'
);
if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
if ($data['sort'] == 'pd.name' || $data['sort'] == 'p.model') {
$sql .= " ORDER BY LCASE(" . $data['sort'] . ")";
} elseif ($data['sort'] == 'p.price') {
$sql .= " ORDER BY (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END)";
} else {
$sql .= " ORDER BY " . $data['sort'];
}
} else {
$sql .= " ORDER BY p.sort_order";
}
//Filter products based on slider price range
if ((isset($this->request->get['lower']))&&(isset($this->request->get['higher'])))
{
$sql .= " AND p.price >='". $this->request->get['lower'] ." ' AND p.price <='". $this->request->get['higher'] ."'" ;
}
//Filter products based on price slider
if (!empty($data['filter_manufacturer_id'])) {
$sql .= " AND p.manufacturer_id = '" . (int)$data['filter_manufacturer_id'] . "'";
}
$sql .= " GROUP BY p.product_id";
$sort_data = array(
'pd.name',
'p.model',
'p.quantity',
'p.price',
'rating',
'p.sort_order',
'p.date_added'
);
if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
if ($data['sort'] == 'pd.name' || $data['sort'] == 'p.model') {
$sql .= " ORDER BY LCASE(" . $data['sort'] . ")";
} elseif ($data['sort'] == 'p.price') {
$sql .= " ORDER BY (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END)";
} else {
$sql .= " ORDER BY " . $data['sort'];
}
} else {
$sql .= " ORDER BY p.sort_order";
}
//Filter products based on slider price range
if ((isset($this->request->get['lower']))&&(isset($this->request->get['higher'])))
{
$sql .= " AND (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END) >='". $this->request->get['lower'] ." ' AND (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END) <='". $this->request->get['higher'] ."'" ;
}
//Filter products based on price slider
//根据滑块价格范围筛选产品
如果((isset($this->request->get['lower'])和&(isset($this->request->get['higher']))
{
$sql.=“和(特殊情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为空时,特价情况不为特价情况不为空时。
或者在列名之前使用别名(p.special)
选中这两个选项。以下是我将采取的故障排除步骤:
确保SELECT子句中包含特殊
确保不需要使用表前缀,例如p
在进行SQL比较时,可能不应该引用数字
CASE表达式的格式似乎正确,因此我认为表达式不是问题所在
重要提示:我强烈建议您永远不要在生产环境中使用上述代码。通过获取未经筛选/验证/转义的GET参数并将其添加到查询字符串中,您完全可以接受SQL注入。错误消息非常清楚:您没有以该名称命名的列。您有名为spec的列吗ial
?
//Filter products based on slider price range
if ((isset($this->request->get['lower']))&&(isset($this->request->get['higher'])))
{
$sql .= " AND (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END) >='". $this->request->get['lower'] ." ' AND (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END) <='". $this->request->get['higher'] ."'" ;
}
//Filter products based on price slider