我在WordPress工作,我的$ wpdb选择查询工作没有准备,但当我使用正确的转义并使用$ wpdb->准备...准备结果永远不会显示和结果显示我不使用%s并准备...我缺少的是什么...谢谢,没有错误出现在检查屏幕上准备和结果也没有显示。请指导使用什么方法来保存sql注入。
这项工作
$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = '$category' && 1user.competition = '$comp' ORDER BY 1user.uid DESC";
这不起作用
$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = %s && 1user.competition = %s ORDER BY 1user.uid DESC";
$results = $wpdb->get_results($wpdb->prepare($sql),$category,$comp) or die(mysql_error());
答案 0 :(得分:2)
您将括号添加到错误的位置,它需要在您的变量之后。
$results = $wpdb->get_results($wpdb->prepare($sql,$category,$comp)) or die($wpdb->print_error());