使用PDO

时间:2015-10-01 13:22:42

标签: php mysql select pdo

我有一些使用mysql_query的PHP脚本,但现在我试图将其更改为PDO(更不容易受到攻击,他们说更安全),但我遇到了条件选择查询的一些问题。 我有以下代码:

$querydatahora = $conn->prepare('SELECT 
    Linhas.NomeLinha, Maquinas.Nome as maquina, Tecnicos.Nome, Avarias.DataHoraInicioAvaria, 
    Avarias.DataHoraFimAvaria, Avarias.Descricao, Avarias.Solucao, Avarias.TipoSolucao 
    FROM Avarias, Tecnicos, Linhas, Maquinas, avariatecnico 
    where Linhas.IDLinha = Avarias.IDLinha and avariatecnico.IDAvaria = avarias.IDAvaria and Avariatecnico.IDTecnico = Tecnicos.IDTecnico and 
    Maquinas.IDMaquina = Avarias.IDMaquina and DataHoraInicioAvaria >= :datetimepicker AND DataHoraFimAvaria <= :datetimepicker1 ');


if( $_SESSION['IDLinha'] ) {
    $querydatahora .= $conn->prepare(" AND Avarias.IDLinha = :IDLinha AND Avarias.IDMaquina = :IDMaquina order by DataHoraInicioAvaria DESC LIMIT $startrow, 9");
} else{
    $querydatahora .= $conn->prepare(" order by DataHoraInicioAvaria DESC LIMIT $startrow, 9");
}

$querydatahora->execute( array(
    ':datetimepicker'   => $_SESSION['datetimepicker'], 
    ':datetimepicker1'  => $_SESSION['datetimepicker1'], 
    ':IDLinha'          => $_SESSION['IDLinha'], 
    ':IDMaquina'        => $_SESSION['IDMaquina'])
);

if( $_SESSION['IDLinha'] ) {
    $querycount .= $conn->prepare(' AND Avarias.IDLinha = :IDLinha AND Avarias.IDMaquina = :IDMaquina');
}

$querycount->execute( array(
    ':datetimepicker'   => $_SESSION['datetimepicker'], 
    ':datetimepicker1'  => $_SESSION['datetimepicker1'], 
    ':IDLinha'          => $_SESSION['IDLinha'], 
    ':IDMaquina'        => $_SESSION['IDMaquina'])
);

我得到的错误是:

  

导致致命错误:第52行的C:\ xxxxxxxxxxxxxxxxxxxxxxxxxx.php无法将类PDOStatement的对象转换为字符串

我不是这方面的专家所以,可能是我犯了错误。感谢所有帮助

2 个答案:

答案 0 :(得分:2)

您需要先构建查询,然后再进行准备

C

答案 1 :(得分:1)

您必须先构建一个查询字符串。

$querydatahora = 'SELECT Linhas.NomeLinha, Maquinas.Nome as maquina, Tecnicos.Nome, Avarias.DataHoraInicioAvaria, Avarias.DataHoraFimAvaria, Avarias.Descricao, Avarias.Solucao, Avarias.TipoSolucao 
FROM Avarias, Tecnicos, Linhas, Maquinas, avariatecnico where Linhas.IDLinha = Avarias.IDLinha and avariatecnico.IDAvaria = avarias.IDAvaria and Avariatecnico.IDTecnico = Tecnicos.IDTecnico and 
Maquinas.IDMaquina = Avarias.IDMaquina and DataHoraInicioAvaria >= :datetimepicker AND DataHoraFimAvaria <= :datetimepicker1'

// Your minimal parameters
$params = array(':datetimepicker' => $_SESSION['datetimepicker'], ':datetimepicker1' => $_SESSION['datetimepicker1']);

// Test you have the mandatory variables IDLinha and IDMaquina
if (isset($_SESSION['IDLinha']) && isset($_SESSION['IDMaquina'])) {
    $querydatahora .= " AND Avarias.IDLinha = :IDLinha AND Avarias.IDMaquina = :IDMaquina");
    // Adding parameters
    $params = array_merge($params, array(':IDLinha' => $_SESSION['IDLinha'],':IDMaquina' => $_SESSION['IDMaquina']));
}

// In anyway you will do the same order by then write it at the end
$querydatahora .= " order by DataHoraInicioAvaria DESC LIMIT $startrow, 9";

// Your querystring is ok then let's prepare it
$stmt = $conn->prepare($querydatahora);

// Now Run with parameters
$stmt->execute($params);

我已删除了您的查询次数,因为我想专注于第一个查询并使其正常工作

相关问题
最新问题