Question

这是opencart的一部分：

模型/目录/ product.php

if (!empty($data['filter_manufacturer_id'])) {
  $sql .= " AND p.manufacturer_id = '" . (int)$data['filter_manufacturer_id'] . "'";
}

$sql .= " GROUP BY p.product_id";

$sort_data = array(
    'pd.name',
    'p.model',
    'p.quantity',
    'p.price',
    'rating',
    'p.sort_order',
    'p.date_added'
);

if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
    if ($data['sort'] == 'pd.name' || $data['sort'] == 'p.model') {
        $sql .= " ORDER BY LCASE(" . $data['sort'] . ")";
    } elseif ($data['sort'] == 'p.price') {
        $sql .= " ORDER BY (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END)";
    } else {
        $sql .= " ORDER BY " . $data['sort'];
    }
} else {
    $sql .= " ORDER BY p.sort_order";
}

我正在努力创造＆＃34;价格范围＆＃34;过滤。这是我的代码：

    //Filter products based on slider price range

    if ((isset($this->request->get['lower']))&&(isset($this->request->get['higher'])))
    {
    $sql .=  " AND p.price >='". $this->request->get['lower'] ." ' AND p.price <='". $this->request->get['higher'] ."'" ;
    }

    //Filter products based on price slider

if (!empty($data['filter_manufacturer_id'])) {
    $sql .= " AND p.manufacturer_id = '" . (int)$data['filter_manufacturer_id'] . "'";
}

$sql .= " GROUP BY p.product_id";

$sort_data = array(
    'pd.name',
    'p.model',
    'p.quantity',
    'p.price',
    'rating',
    'p.sort_order',
    'p.date_added'
);

if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
    if ($data['sort'] == 'pd.name' || $data['sort'] == 'p.model') {
        $sql .= " ORDER BY LCASE(" . $data['sort'] . ")";
    } elseif ($data['sort'] == 'p.price') {
        $sql .= " ORDER BY (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END)";
    } else {
        $sql .= " ORDER BY " . $data['sort'];
    }
} else {
    $sql .= " ORDER BY p.sort_order";
}

有效！但是当产品从我们的商店有特价时，它不起作用。所以我试图从SORT BY PRICE复制一些代码。我复制了这个SQL：

(CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END)

到我的自定义代码：

    //Filter products based on slider price range

    if ((isset($this->request->get['lower']))&&(isset($this->request->get['higher'])))
    {
    $sql .=  " AND (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END) >='". $this->request->get['lower'] ." ' AND (CASE WHEN special IS NOT NULL THEN special WHEN discount IS NOT NULL THEN discount ELSE p.price END) <='". $this->request->get['higher'] ."'" ;
    }

    //Filter products based on price slider

但仍然无法奏效。我收到这个错误：

注意：错误：未知列＆＃39;特殊＆＃39;在＆＃39; where子句＆＃39; 错误号码：1054

Answer 1

以下是我要采取的问题排查步骤：

确保SELECT子句中包含special
确保您不需要使用p
进行SQL比较时可能不应引用数字

CASE表达式似乎格式正确，所以我认为表达式不是问题。

重要提示：我强烈建议您永远不要在生产环境中使用上述代码。通过采用未经过滤/验证/转义的GET参数并将它们添加到查询字符串，您可以对SQL注入进行全面开放。

Answer 2

检查表格列列表中是否存在“特殊”列。或使用列名前的别名（p.special）。

检查两个选项。

php mysql案例语法错误

2 个答案: