我尝试根据网页网址对我的查询应用过滤器。但是它似乎没有从我的数据库中返回正确的数据。
if ( $_GET['from'] == '' && $_GET['to'] == '' ) {
$query = 'SELECT * FROM mhs_dashboard_revenue';
echo 'none';
} else if ( $_GET['from'] == '' && $_GET['to'] != '' ) {
$query = 'SELECT * FROM mhs_dashboard_revenue WHERE DateOfData BETWEEN 20150101 AND "$_GET[to]"';
echo 'to';
} else if ( $_GET['from'] != '' && $_GET['to'] == '' ) {
$query = 'SELECT * FROM mhs_dashboard_revenue WHERE DateOfData BETWEEN "$_GET[from]" AND 20900101';
echo 'from';
} else if ( $_GET['from'] != '' && $_GET['to'] != '' ) {
$query = 'SELECT * FROM mhs_dashboard_revenue WHERE DateOfData BETWEEN "$_GET[from]" AND "$_GET[to]"';
echo 'both';
}
$result = mysqli_query($connection, $query);
$totalChampagne = 0;
$totalSpirts = 0;
$totalWine = 0;
$total = 0;
while($row = mysqli_fetch_assoc($result)) { ?>
<?php
$totalChampagne = $totalChampagne + $row['ChampagneValue'];
$totalSpirts = $totalSpirts + $row['SpirtsValue'];
$totalWine = $totalWine + $row['WineValue'];
$total = $totalChampagne + $totalSpirts + $totalWine;
?>
<!--
<p>Id: <?php //echo $row['ID']; ?></p>
<p>Date of: <?php //echo $row['DateOfData']; ?></p>
<p>Champagne: <?php //echo $row['ChampagneValue']; ?></p>
<p>Spirts: <?php //echo $row['SpirtsValue']; ?></p>
<p>Wine: <?php //echo $row['WineValue']; ?></p>
<hr>
-->
<?php } ?>
<p>Champagne Total = £<?php echo $totalChampagne; ?></p>
<p>Spirts Total = £<?php echo $totalSpirts; ?></p>
<p>Wine Total = £<?php echo $totalWine; ?></p>
<p>Total = £<?php echo $total; ?></p>
我已经在每个IF中添加了回音以确保我的值被接收,并且我可以根据网址在正确的位置看到回声。
这个网址看起来像是 - revenue_feed.php?from = 20160101&amp; to = 20161115,这是一个没有连字符格式的日期,因为当我手动测试时输入日期连字符打破了它。
我希望这是一个简单的解决方案,但我似乎无法解决这个问题。非常感谢所有帮助。
答案 0 :(得分:1)
对于要解释的PHP变量,您需要将它们放在双引号内(而不是像SQL查询那样使用单引号)。但无论如何,您的代码对SQL注入是开放的,应该避免使用。
相反,你可以使用准备好的查询,这会给你这样的东西:
$sql = 'SELECT * FROM mhs_dashboard_revenue WHERE DateOfData BETWEEN ? AND 20900101';
$stmt = mysqli_prepare($connection, $sql);
mysqli_stmt_bind_param($stmt, "s", $_GET[from]);
mysqli_stmt_execute($stmt);