我找到了一个奇怪的问题。当我从我的phpmyadmin执行此查询时,它工作正常并返回2结果。但是当我们执行这个查询表单php页面时,它返回0结果。
$query = "SELECT distinct(vtiger_products.product_no) FROM `vtiger_products`
INNER JOIN vtiger_crmentity VC ON VC.crmid = vtiger_products.productid
inner join vtiger_tree_product vtp on vtiger_products.productid = vtp.productid";
$custom_conditions = ' cf.cf_1399 = "'.$_REQUEST['size'].'"';
$temp ='Where vtiger_products.hisotrization_status='Current'
AND vtiger_products.productid > 0
AND VC.deleted = 0
AND vtp.nodeid in (425,426,427,428,430,431,457,458,459,460,480,488,502,510,514,515,516,517,518,519,520,521,525,526,527,528,529)';
if ($custom_conditions) {
$query .= " inner JOIN vtiger_productcf cf on cf.productid = vtiger_products.productid ";
$conditions .= " AND ( " . str_replace('""','\""',str_replace("''","\''",$custom_conditions)) . " ) ";
}
$query = $query.$temp . $conditions;
SELECT distinct(vtiger_products.product_no) FROM `vtiger_products`
INNER JOIN vtiger_crmentity VC ON VC.crmid = vtiger_products.productid
inner join vtiger_tree_product vtp on vtiger_products.productid = vtp.productid
inner JOIN vtiger_productcf cf on cf.productid = vtiger_products.productid
Where vtiger_products.hisotrization_status='Current'
AND vtiger_products.productid > 0
AND VC.deleted = 0
AND vtp.nodeid in (425,426,427,428,430,431,457,458,459,460,480,488,502,510,514,515,516,517,518,519,520,521,525,526,527,528,529)
AND ( cf.cf_1399 = "20'" );
等待您的回复谢谢
答案 0 :(得分:0)
您可以使用函数mysql_real_escape_string将php变量传递给查询(转义字符串中的特殊字符以用于SQL语句)。
e.g.mysql_real_escape_string($user);
答案 1 :(得分:0)
简单明了:
错误:
$query = '... set test = 'blah' where ...'; (' before blah terminates the string)
解决方案1:
$query = '... set test = \'blah\' where ...'; (escaping)
解决方案2:
$query = "... set test = 'blah' where ..."; (double quotes aren't terminated by single quotes)
请注意"您好,$ test!"评估$ test,而你好,$ test!'没有。