$ _GET与PHP中的运算符比较

时间:2014-12-20 18:04:43

标签: php sql get comparison

我正在使用PHP和SQL Server。 我尝试使用运营商比较,但无法获得正确的回复。 当我测试URL时,没有响应。 我像这样测试URL:

http://example.com/artafs/get_rule_rate_insco_cvg_bundle.php?INSCO_BRANCH_CODE=AAB066 && REGION_CODE=Region1 && MAIN_CVG_TYPE_CODE=ALL RISK && CVG_TYPE_CODE=TPL && INS_ASSET_CATEGORY_CODE=05 && ASSET_USAGE=P && MR_ASSET_CONDITION=NEW && ASSET_PRICE_MORE_THAN<=0 && ASSET_PRICE_LESS_THAN_OR_EQUAL>=125000000

这是问题的详细信息:

if (
    isset($_GET['INSCO_BRANCH_CODE']) &&
    isset($_GET['REGION_CODE']) &&
    isset($_GET['MAIN_CVG_TYPE_CODE']) &&
    isset($_GET['CVG_TYPE_CODE']) &&
    isset($_GET['INS_ASSET_CATEGORY_CODE']) &&
    isset($_GET['ASSET_USAGE']) &&
    isset($_GET['MR_ASSET_CONDITION']) &&
    isset($_GET['ASSET_PRICE_MORE_THAN'])
) {
    $bcode = $_GET['INSCO_BRANCH_CODE'];
    $rcode = $_GET['REGION_CODE'];
    $cmain = $_GET['MAIN_CVG_TYPE_CODE'];
    $cvg = $_GET['CVG_TYPE_CODE'];
    $accode = $_GET['INS_ASSET_CATEGORY_CODE'];
    $ausage = $_GET['ASSET_USAGE'];
    $acon = $_GET['MR_ASSET_CONDITION'];
    $apmt = $_GET['ASSET_PRICE_MORE_THAN'];
    $apltoe = $_GET['ASSET_PRICE_LESS_THAN_OR_EQUAL'];

    $bcode = stripslashes($bcode);
    $bcode = $db->mssql_real_escape_string($bcode);

    $rcode = stripslashes($rcode);
    $rcode = $db->mssql_real_escape_string($rcode);

    $cmain = stripslashes($cmain);
    $cmain = $db->mssql_real_escape_string($cmain);

    $cvg = stripslashes($cvg);
    $cvg = $db->mssql_real_escape_string($cvg);

    $accode = stripslashes($accode);
    $accode = $db->mssql_real_escape_string($accode);

    $ausage = stripslashes($ausage);
    $ausage = $db->mssql_real_escape_string($ausage);

    $acon = stripslashes($acon);
    $acon = $db->mssql_real_escape_string($acon);

    $apmt = stripslashes($apmt);
    $apmt = $db->mssql_real_escape_string($apmt);

    $apltoe = stripslashes($apltoe);
    $apltoe = $db->mssql_real_escape_string($apltoe);

    $result = mssql_query("
    SELECT TOP 1
        a.ASSET_PRICE_MORE_THAN,
        a.ASSET_PRICE_LESS_THAN_OR_EQUAL,
        a.INSURANCE_RATE,
        b.TPL_AMOUNT,
        b.PERCENTAGE,
        b.AMOUNT
    FROM
        RULE_RATE_INSCO a
        INNER JOIN RULE_RATE_INSCO_CVG b ON
            a.INSCO_BRANCH_CODE=b.INSCO_BRANCH_CODE AND
            a.REGION_CODE=b.REGION_CODE AND
            a.INS_ASSET_CATEGORY_CODE=b.INS_ASSET_CATEGORY_CODE AND
            a.MAIN_CVG_TYPE_CODE=b.MAIN_CVG_TYPE_CODE
    WHERE
        a.INSCO_BRANCH_CODE='$bcode' AND
        a.REGION_CODE='$rcode' AND
        a.MAIN_CVG_TYPE_CODE='$cmain' AND
        b.CVG_TYPE_CODE='$cvg' AND
        a.INS_ASSET_CATEGORY_CODE='$accode' AND
        a.ASSET_USAGE='$ausage' AND
        a.MR_ASSET_CONDITION='$acon' AND
        a.ASSET_PRICE_MORE_THAN<='$apmt' AND
        a.ASSET_PRICE_LESS_THAN_OR_EQUAL>='$apltoe'
    ");
}

更正了SQL Server的查询测试并且没有问题:

SELECT TOP 1
    a.ASSET_PRICE_MORE_THAN,
    a.ASSET_PRICE_LESS_THAN_OR_EQUAL,
    a.INSURANCE_RATE,
    b.TPL_AMOUNT,
    b.PERCENTAGE,
    b.AMOUNT
FROM
    RULE_RATE_INSCO a
    INNER JOIN RULE_RATE_INSCO_CVG b ON
        a.INSCO_BRANCH_CODE=b.INSCO_BRANCH_CODE AND
        a.REGION_CODE=b.REGION_CODE AND
        a.INS_ASSET_CATEGORY_CODE=b.INS_ASSET_CATEGORY_CODE AND
        a.MAIN_CVG_TYPE_CODE=b.MAIN_CVG_TYPE_CODE
WHERE
    a.INSCO_BRANCH_CODE='AAB066' AND
    a.REGION_CODE='Region1' AND
    a.MAIN_CVG_TYPE_CODE='ALL RISK' AND
    b.CVG_TYPE_CODE='TPL' AND
    a.INS_ASSET_CATEGORY_CODE='05' AND
    a.ASSET_USAGE='P' AND
    a.MR_ASSET_CONDITION='NEW' AND
    a.ASSET_PRICE_MORE_THAN<='0' AND
    a.ASSET_PRICE_LESS_THAN_OR_EQUAL>='125000000'

我的解释:
在我使用URL测试并在浏览器中填充参数后,没有正确的响应。 但是当我从SQL Server尝试查询时没有问题。 问题在于比较运算符a.ASSET_PRICE_MORE_THAN<='0'a.ASSET_PRICE_LESS_THAN_OR_EQUAL>='125000000'。当我只使用a.ASSET_PRICE_MORE_THAN=0时,没有问题。

最新更新但仍未成功:

$keys = array(
    'INSCO_BRANCH_CODE',
    'REGION_CODE',
    'MAIN_CVG_TYPE_CODE',
    'CVG_TYPE_CODE',
    'INS_ASSET_CATEGORY_CODE',
    'ASSET_USAGE',
    'MR_ASSET_CONDITION',
    'ASSET_PRICE_MORE_THAN',
    'ASSET_PRICE_LESS_THAN_OR_EQUAL'
);
function get_isset($key) {
    return isset($_GET[$key]);
}
function get_escaped($key) {
    global $db;
    return $db->mssql_real_escape_string(stripslashes($_GET[$key]));
}

if (!in_array(false, array_map('get_isset', $keys))) {
    list (
        $bcode,
        $rcode,
        $cmain,
        $cvg,
        $accode,
        $ausage,
        $acon,
        $apmt,
        $apltoe
    ) = array_map('get_escaped', $keys);

    $result = mssql_query("select top 1 a.ASSET_PRICE_MORE_THAN,a.ASSET_PRICE_LESS_THAN_OR_EQUAL,a.INSURANCE_RATE,
    b.TPL_AMOUNT,b.PERCENTAGE,b.AMOUNT from RULE_RATE_INSCO a inner join RULE_RATE_INSCO_CVG b on a.INSCO_BRANCH_CODE=b.INSCO_BRANCH_CODE and
    a.REGION_CODE=b.REGION_CODE and a.INS_ASSET_CATEGORY_CODE=b.INS_ASSET_CATEGORY_CODE and a.MAIN_CVG_TYPE_CODE=b.MAIN_CVG_TYPE_CODE
    where a.INSCO_BRANCH_CODE='$bcode'
    and a.REGION_CODE='$rcode'
    and a.MAIN_CVG_TYPE_CODE='$cmain'
    and b.CVG_TYPE_CODE='$cvg'
    and a.INS_ASSET_CATEGORY_CODE='$accode'
    and a.ASSET_USAGE='$ausage'
    and a.MR_ASSET_CONDITION='$acon'
    and a.ASSET_PRICE_MORE_THAN<='$apmt'
    and a.ASSET_PRICE_LESS_THAN_OR_EQUAL>='$apltoe'");

}

2 个答案:

答案 0 :(得分:0)

尝试使用整数而不是字符串限制查询(&#39; 125000000&#39;)。

答案 1 :(得分:0)

网址很乱。只使用一个&符号(&)来分隔参数,在参数的名称和值之间只使用等号(=),值必须为%-encoded:

http://example.com/artafs/get_rule_rate_insco_cvg_bundle.php?INSCO_BRANCH_CODE=AAB066&REGION_CODE=Region1&MAIN_CVG_TYPE_CODE=ALL%20RISK&CVG_TYPE_CODE=TPL&INS_ASSET_CATEGORY_CODE=05&ASSET_USAGE=P&MR_ASSET_CONDITION=NEW&ASSET_PRICE_MORE_THAN=0&ASSET_PRICE_LESS_THAN_OR_EQUAL=125000000

您应该通过$_GET显示var_dump($_GET);内容进行调试。

您也忘了检查是否设置了$_GET['ASSET_PRICE_LESS_THAN_OR_EQUAL']。如果正确格式化代码并避免重复,则可以避免此类错误。对重复(未经测试)的部件使用函数:

$keys = array(
    'INSCO_BRANCH_CODE',
    'REGION_CODE',
    'MAIN_CVG_TYPE_CODE',
    'CVG_TYPE_CODE',
    'INS_ASSET_CATEGORY_CODE',
    'ASSET_USAGE',
    'MR_ASSET_CONDITION',
    'ASSET_PRICE_MORE_THAN',
    'ASSET_PRICE_LESS_THAN_OR_EQUAL'
);
function get_isset($key) {
    return isset($_GET[$key]);
}
function get_escaped($key) {
    global $db;
    return $db->mssql_real_escape_string(stripslashes($_GET[$key]));
}

if (!in_array(false, array_map('get_isset', $keys))) {
    list (
        $bcode,
        $rcode,
        $cmain,
        $cvg,
        $accode,
        $ausage,
        $acon,
        $apmt,
        $apltoe
    ) = array_map('get_escaped', $keys);

    $result = mssql_query("
    SELECT TOP 1
        a.ASSET_PRICE_MORE_THAN,
        a.ASSET_PRICE_LESS_THAN_OR_EQUAL,
        a.INSURANCE_RATE,
        b.TPL_AMOUNT,
        b.PERCENTAGE,
        b.AMOUNT
    FROM
        RULE_RATE_INSCO a
        INNER JOIN RULE_RATE_INSCO_CVG b ON
            a.INSCO_BRANCH_CODE=b.INSCO_BRANCH_CODE AND
            a.REGION_CODE=b.REGION_CODE AND
            a.INS_ASSET_CATEGORY_CODE=b.INS_ASSET_CATEGORY_CODE AND
            a.MAIN_CVG_TYPE_CODE=b.MAIN_CVG_TYPE_CODE
    WHERE
        a.INSCO_BRANCH_CODE='$bcode' AND
        a.REGION_CODE='$rcode' AND
        a.MAIN_CVG_TYPE_CODE='$cmain' AND
        b.CVG_TYPE_CODE='$cvg' AND
        a.INS_ASSET_CATEGORY_CODE='$accode' AND
        a.ASSET_USAGE='$ausage' AND
        a.MR_ASSET_CONDITION='$acon' AND
        a.ASSET_PRICE_MORE_THAN<='$apmt' AND
        a.ASSET_PRICE_LESS_THAN_OR_EQUAL>='$apltoe'
    ");
}

参数ASSET_PRICE_LESS_THAN_OR_EQUAL也是直观地命名的。您应该使用>而不是>=来更改名称或与其值进行比较。

相关问题
最新问题