CDbCommand无法执行SQL语句:SQLSTATE[42S22]:未找到YII列
审查关系如下:CDbCommand无法执行SQL语句:SQLSTATE[42S22]:未找到YII列,yii,Yii,审查关系如下: return array( 'product' => array(self::BELONGS_TO, 'Product', 'product_id'), 'profile' => array(self::BELONGS_TO, 'Profile', 'profile_id'), 'rating' => array(self::BELONGS_TO, 'Rating', 'rating_id'), '
return array(
'product' => array(self::BELONGS_TO, 'Product', 'product_id'),
'profile' => array(self::BELONGS_TO, 'Profile', 'profile_id'),
'rating' => array(self::BELONGS_TO, 'Rating', 'rating_id'),
'reviewcomments' => array(self::HAS_MANY, 'Reviewcomment', 'review_id'),
'reviewhelpfuls' => array(self::HAS_MANY, 'Reviewhelpful', 'review_id'),
'commentCounts' => array(self::STAT, 'Reviewcomment', 'review_id'),
);
控制器代码如下:
$criteria = new CDbCriteria();
$criteria->addCondition("t.seoUrl = :seoUrl");
$criteria->addCondition("t.published = 1");
$criteria->params = array("seoUrl"=>$seoUrl);
$data['product'] = Product::model()->find($criteria);
if($data['product']){
$data['product']->hits = $data['product']->hits+1;
$data['product']->save();
} else{
throw new CHttpException(404, "Invalid Request for product");
}
$product_id = $data['product']->id;
$criteria = new CDbCriteria();
$criteria->addCondition("t.product_id = '$product_id'");
if(isset($_GET['rating']))
{
$rating_id = $_GET['rating'];
$criteria->addCondition("t.rating_id = '$rating_id'");
}
$criteria->addCondition('t.status = "approved"');
if(isset($_GET['sort']))
{
$sorting = $_GET['sort'];
if($sorting=='newest')
$criteria->order = "t.postDate DESC";
elseif($sorting=='oldest')
$criteria->order = "t.postDate ASC";
elseif($sorting=='rating_high')
$criteria->order = "t.rating_id DESC";
elseif($sorting=='rating_low')
$criteria->order = "t.rating_id ASC";
}
$data['reviews'] = new CActiveDataProvider('Review', array(
'criteria'=>$criteria,
'pagination'=>array('pagesize'=>4)
));
现在,当我运行这段代码时,我发现CDbCommand无法执行SQL语句:SQLSTATE[42S22]:Column not found:1054未知列't.rating_id'in'where子句'
感谢您的帮助不要将“t”用作表的别名,开始使用
getTableAlias(false,false)
在您的情况下,它将是:
$criteria->addCondition(Review::model()->getTableAlias(false, false).".rating_id = '$rating_id'");
更重要的是,这段代码强调SQL注入
$rating_id = $_GET['rating'];
$criteria->addCondition("t.rating_id = '$rating_id'");
未经处理,切勿使用用户输入。Yii允许您绑定将为您转义的值-没有SQL注入的威胁(至少据我所知)。您应该这样创建您的标准:
$criteria->addCondition(Review::model()->getTableAlias(false, false).".rating_id = :rating_id");
$criteria->params = array(
':rating_id' => $rating_id,
);
不要将“t”用作表的别名,而是开始使用
getTableAlias(false,false)
在您的情况下,它将是:
$criteria->addCondition(Review::model()->getTableAlias(false, false).".rating_id = '$rating_id'");
更重要的是,这段代码强调SQL注入
$rating_id = $_GET['rating'];
$criteria->addCondition("t.rating_id = '$rating_id'");
未经处理,切勿使用用户输入。Yii允许您绑定将为您转义的值-没有SQL注入的威胁(至少据我所知)。您应该这样创建您的标准:
$criteria->addCondition(Review::model()->getTableAlias(false, false).".rating_id = :rating_id");
$criteria->params = array(
':rating_id' => $rating_id,
);
我认为您必须检查列名,它必须是除
rating\u id
以外的其他内容。我认为您必须检查列名,它必须是除rating\u id
以外的其他内容。