我的数据库中有2个表。第一个表是room_details,第二个表是booking_details。
room_details表:
Room_Id | Category | Type | Price
---------|------------|----------|---------
R 001 | DELUXE | NON-AC | 2500
| | |
R 002 | DELUXE | AC | 3500
| | |
R 003 | GRAND | NON-AC | 4500
| | |
R 004 | GRAND | AC | 5500
| | |
R 005 | SUITE | NON-AC | 6500
| | |
R 006 | SUITE | AC | 7500
booking_details表:
Room_Id | Booking_Id | Booking_Date | Check_in_Date | Check_out_Date
----------|--------------|----------------|---------------|-----------------
R 001 | B 001 | 2017-03-25 | 2017-03-26 | 2017-03-28
| | | |
R 001 | B 002 | 2017-03-25 | 2017-03-29 | 2017-04-01
| | | |
R 004 | B 003 | 2017-03-25 | 2017-03-26 | 2017-03-30
| | | |
R 005 | B 004 | 2017-03-25 | 2017-03-26 | 2017-03-28
查询:
$sql = 'SELECT * FROM room_details
WHERE room_id NOT IN(
SELECT room_id FROM booking_details
WHERE '$check_in' BETWEEN Check_in_Date AND Check_out_Date
OR '$check_out' BETWEEN Check_in_Date AND Check_out_Date
)';
当我使用php将check_in和check_out日期作为输入来显示所有可用房间时,它会显示错误,如下所示:
解析错误:语法错误,意外' $ check_in' (T_VARIABLE)
此查询有什么问题?
这是完整的PHP代码:
<?php
$a = $_POST["data_1"];
$b = $_POST["data_2"];
$check_in = date("Y-m-d", strtotime($a));
$check_out = date("Y-m-d", strtotime($b));
$dbhost = "localhost:3306";
$dbuser = "root";
$dbpass = "";
$dbname="hotel";
//create connection
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
//check connection
if( $conn->connect_error ) {
die("Connection failed:" . $conn->connect_error);
}
$sql = 'SELECT * FROM room_details
WHERE room_id NOT IN(
SELECT room_id FROM booking_details
WHERE '$check_in' BETWEEN Check_in_Date AND Check_out_Date
OR '$check_out' BETWEEN Check_in_Date AND Check_out_Date
)';
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table border=1>
<tr>
<th>Room_Id</th>
<th>Category</th>
<th>Type</th>
<th>Price</th>
</tr>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr>";
echo "<td>" . $row['Room_Id'] . "</td>";
echo "<td>" . $row['Category'] . "</td>";
echo "<td>" . $row['Type'] . "</td>";
echo "<td>" . $row['Price'] . "</td>";
echo "<td>" . "<a href = room_booking.php> BOOK NOW </a>" . "</td>";
echo "</tr>";
}
echo "</table>";
} else {
echo "Error:" . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
答案 0 :(得分:0)
使用单引号,您需要使用.
$sql = 'SELECT * FROM room_details WHERE room_id NOT IN(SELECT room_id FROM booking_details WHERE "'.$check_in.'" BETWEEN Check_in_Date AND Check_out_Date OR "'.$check_out.'" BETWEEN Check_in_Date AND Check_out_Date)';
使用双引号,您可以注入$check_in和$check_out内嵌
$sql = "SELECT * FROM room_details WHERE room_id NOT IN(SELECT room_id FROM booking_details WHERE '$check_in' BETWEEN Check_in_Date AND Check_out_Date OR '$check_out' BETWEEN Check_in_Date AND Check_out_Date)";
为了便于阅读,我更喜欢sprintf。
$sql = sprintf('SELECT * FROM room_details WHERE room_id NOT IN(SELECT room_id FROM booking_details WHERE "%s" BETWEEN Check_in_Date AND Check_out_Date OR "%s" BETWEEN Check_in_Date AND Check_out_Date)', $check_in, $check_out);
但实际上,(安全方面)您应该使用PDO来绑定您的参数。 http://php.net/manual/en/pdostatement.bindparam.php
$stmt = $db->prepare('SELECT * FROM room_details WHERE room_id NOT IN(SELECT room_id FROM booking_details WHERE :check_in BETWEEN Check_in_Date AND Check_out_Date OR :check_out BETWEEN Check_in_Date AND Check_out_Date)');
$stmt->bindParam(':check_in', $check_in, PDO::PARAM_STR);
$stmt->bindParam(':check_out', $check_out, PDO::PARAM_STR);
$stmt->execute();
答案 1 :(得分:0)
我认为问题在于字符串连接,因此请修改您的查询,如:
$sql = "SELECT * FROM room_details WHERE room_id NOT IN(SELECT room_id FROM booking_details WHERE "'.$check_in.'" BETWEEN Check_in_Date AND Check_out_Date OR "'.$check_out.'" BETWEEN Check_in_Date AND Check_out_Date)";
尝试此查询。