Question

我有一个带有两个datepicker（dd / mm / yyyy）的表单。
的代码：

<label for="from">From Date:</label>
<input type="text" id="from" name="from">
<label for="to">to Date:</label>
<input type="text" id="to" name="to">

我尝试用PHP选择这个数据范围。 但是有错误。

致命错误：未捕获的异常＆＃39; com_exception＆＃39;与消息   ＆＃39; 来源：用于ODBC的Microsoft OLE DB提供程序   驱动程序
描述： [Microsoft] [Driver ODBC Microsoft   访问] Tipi di dati non corrispondenti nell＆＃39; espressione criterio。＆＃39;在   C：\ Program Files   （x86）\ EasyPHP-Devserver-16.1 \ eds-www \ DinamicoWeb \ index.php：43 Stack   trace：＃0 C：\ Program Files   （86）\的EasyPHP-Devserver-16.1 \ EDS-WWW \ DinamicoWeb \的index.php（43）：   com-＆gt;执行（＆＃39; SELECT [Id Ord] ...＆＃39;）＃1 {main}在C：\ Program中抛出   文件（x86）\ EasyPHP-Devserver-16.1 \ eds-www \ DinamicoWeb \ index.php on   第43行

所以这是我的php文件（完美无需日期工作）：

$input=$_POST['input'];
$id=$_POST['id'];
$tipo=$_POST['tipo'];
$numero1=$_POST['numero1'];
$numero2=$_POST['numero2'];
$data1=$_POST['from'];
$data2=$_POST['to'];

if (empty($input)) {
    $sql="SELECT [Id Ord] AS [ID], [Tipo Ord] AS [Tipo], [N Ord] AS [Numero], [Data Ord] AS [Data], [Ragione Sociale], [Indirizzo], [TotImp] AS [IMPORTO TOTALE], [TotIva] AS [IMPORTO IVA] FROM [Ordini] WHERE [Id Ord] LIKE '$id' OR [Tipo Ord] LIKE '$tipo' OR [Data Ord] BETWEEN '$data1' AND '$data2'";
} else {
    $sql="SELECT [Id Ord] AS [ID], [Tipo Ord] AS [Tipo], [N Ord] AS [Numero], [Data Ord] AS [Data], [Ragione Sociale], [Indirizzo], [TotImp] AS [IMPORTO TOTALE], [TotIva] AS [IMPORTO IVA] FROM [Ordini] WHERE [Indirizzo] LIKE '%$input%' OR [Ragione Sociale] LIKE '%$input%' OR [Id Ord] LIKE '$id' OR [Tipo Ord] LIKE '$tipo'" OR [Data Ord] BETWEEN '$data1' AND '$data2'";
}

第43行：

$rs = $con->execute($sql);

表格：（不计算从1到100的数字）

Answer 1

首先，您的代码是SQL注入的开放式邀请。您应该使用参数化查询。

然后，如果数据库是MS Access，并且[Data Ord] 日期类型，则在SQL中，您应该使用#而不是'包围您的日期，并按照以下方式正确格式化：MM/DD/YYYY

喜欢这个。

$input=$_POST['input'];
$id=$_POST['id'];
$tipo=$_POST['tipo'];
$numero1=$_POST['numero1'];
$numero2=$_POST['numero2'];
$data1=date('m/d/Y', strtotime($_POST['from']));;
$data2=date('m/d/Y', strtotime($_POST['to']));;

if (empty($input)) {
    $sql="SELECT [Id Ord] AS [ID], [Tipo Ord] AS [Tipo], [N Ord] AS [Numero], [Data Ord] AS [Data], [Ragione Sociale], [Indirizzo], [TotImp] AS [IMPORTO TOTALE], [TotIva] AS [IMPORTO IVA] FROM [Ordini] WHERE [Id Ord] LIKE '$id' OR [Tipo Ord] LIKE '$tipo' OR [Data Ord] BETWEEN #$data1# AND #$data2#";
} else {
    $sql="SELECT [Id Ord] AS [ID], [Tipo Ord] AS [Tipo], [N Ord] AS [Numero], [Data Ord] AS [Data], [Ragione Sociale], [Indirizzo], [TotImp] AS [IMPORTO TOTALE], [TotIva] AS [IMPORTO IVA] FROM [Ordini] WHERE [Indirizzo] LIKE '%$input%' OR [Ragione Sociale] LIKE '%$input%' OR [Id Ord] LIKE '$id' OR [Tipo Ord] LIKE '$tipo'" OR [Data Ord] BETWEEN #$data1# AND #$data2#";
}

我不知道您的POST数据是如何格式化的，因此您可能需要更改格式化日期的方式

查询 - PHP ADODB

1 个答案: