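I'm trying to join on a column 'extd2d' from a DB2 table that holds date values, but it is a packed/decimal column.
So for 2018-02-02, it returns 20180202
I'm trying to select it to match a MySQL column with a DATE data type that returns 2018-02-02. I think what I need to do in order to match them is get the extd2d field as a string with dashes and then cast it as a date.
I'm currently doing this: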
select date(substr(extd2d,1,4)||'-'||substr(EXTD2d,5,2)||'-'||substr(EXTD2d,7,2)) as start_date
from table1;
This displays it in the correct YYYY-MM-DD format, but if I use the same line
date(substr(extd2d,1,4)||'-'||substr(EXTD2d,5,2)||'-'||substr(EXTD2d,7,2))
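in the where clause to match it against the DATE column from MySQL, it says it can't compare the two. Should I be casting this differently? Would it be better to do it this way, or to remove the dashes from the MySQL date and compare?
Edit:
This is how I'm doing the comparison in the where clause: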
AND date(substr(extd2d,1,4)||'-'||substr(EXTD2d,5,2)||'-'||substr(EXTD2d,7,2)) >= {$row['start_date']}
Script:
$sql = "
SELECT
sku_id,
dealer_id,
locations,
s.sku_group_id as groupID,
s.frame as frame,
s.cover1 as cover,
s.color1 as color,
start_date - interval 7 day as start_date
from placements p
inner join skus s on p.sku_id = s.id
where curdate() between p.start_date and p.expire_date
group by sku_id, dealer_id
limit 100";
$result = mysqli_query($conn,$sql);
while($row = mysqli_fetch_assoc($result))
{
$resultData[] = $row;
$sql2 = "
SELECT
framec,
covr1c,
colr1c,
date(substr(extd2d,1,4)||'-'||substr(EXTD2d,5,2)||'-'||substr(EXTD2d,7,2)) as start_date,
sum(orqtyc) as TotalQTY
from table1
where cstnoc = {$row['dealer_id']}
AND framec = {$row['frame']}
AND colr1c = {$row['color']}
AND covr1c = {$row['cover']}
AND date(substr(extd2d,1,4)||'-'||substr(EXTD2d,5,2)||'-'||substr(EXTD2d,7,2)) >= {$row['start_date']}
group by framec,covr1c,colr1c,extd2d
";
$result2 = odbc_exec($DB2Conn, $sql2);
while($row2 = odbc_fetch_array($result2)){
$db2Result[] = $row2;
}
}
print_r($resultData);
print_r($db2Result);
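Answer 0 (score: 1)
Your problem is that although DB2 has a native date format, PHP really does not. So when you pull the date from MySQL in PHP, you get a string in YYYY-MM-DD format, which you are then comparing to a DB2 date field. It would be better if you didn't cast at all and removed the dashes from the MySQL field: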
$sql2 = "
SELECT
framec,
covr1c,
colr1c,
date(substr(extd2d,1,4)||'-'||substr(EXTD2d,5,2)||'-'||substr(EXTD2d,7,2)) as start_date,
sum(orqtyc) as TotalQTY
from table1
where cstnoc = {$row['dealer_id']}
AND framec = {$row['frame']}
AND colr1c = {$row['color']}
AND covr1c = {$row['cover']}
AND extd2d >= " . str_replace('-', '', $row['start_date']) . "
group by framec,covr1c,colr1c,extd2d
";
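The real problem is that this is subject to SQL injection, so you should not concatenate values into the SQL; instead you should use parameter markers like this: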
$sql2 = "
SELECT
framec,
covr1c,
colr1c,
date(substr(extd2d,1,4)||'-'||substr(EXTD2d,5,2)||'-'||substr(EXTD2d,7,2)) as start_date,
sum(orqtyc) as TotalQTY
from table1
where cstnoc = ?
AND framec = ?
AND colr1c = ?
AND covr1c = ?
AND extd2d >= ?
group by framec,covr1c,colr1c,extd2d
";
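$parms = array(
$row['dealer_id'],
$row['frame'],
$row['color'],
$row['cover'], // covr1c takes the cover value
intval(str_replace('-', '', $row['start_date'])) // 2018-02-02 -> 20180202
);
// Prepare on the DB2 ODBC connection, using the statement text in $sql2
$prep_stmt = odbc_prepare($DB2Conn, $sql2);
$success = odbc_execute($prep_stmt, $parms);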
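The parameter markers ? and the replacement data in the array protect against injection, because the SQL parser does not treat the replacement data as part of the SQL statement. As you can see, protecting your program from malicious users is not very hard, so you should do it every time you use SQL.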
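
The parameter-marker approach from the answer above, as an added example that is not the answerer's code: it validates the MySQL date before converting it to the packed YYYYMMDD integer, prepares the DB2 statement once, and executes it for each MySQL row. The function names (mysqlDateToPacked, buildParams, fetchOrders) and the sample row are assumptions made for illustration; the table and column names are the ones on the page.

```php
<?php
// Added example (helper names are assumptions). MySQL DATE -> packed YYYYMMDD int.
function mysqlDateToPacked(string $date): int
{
    if (!preg_match('/\A(\d{4})-(\d{2})-(\d{2})\z/', $date, $m)
        || !checkdate((int)$m[2], (int)$m[3], (int)$m[1])) {
        throw new InvalidArgumentException("not a YYYY-MM-DD date: $date");
    }
    return (int)($m[1] . $m[2] . $m[3]);
}

// One value per ? marker, in order: cstnoc, framec, colr1c, covr1c, extd2d.
function buildParams(array $row): array
{
    return [$row['dealer_id'], $row['frame'], $row['color'], $row['cover'],
            mysqlDateToPacked($row['start_date'])];
}

// Prepare once, execute per MySQL row. $db2 is an open ODBC connection.
function fetchOrders($db2, array $rows): array
{
    $stmt = odbc_prepare($db2,
        "SELECT framec, covr1c, colr1c, extd2d, sum(orqtyc) AS TotalQTY
           FROM table1
          WHERE cstnoc = ? AND framec = ? AND colr1c = ? AND covr1c = ?
            AND extd2d >= ?
          GROUP BY framec, covr1c, colr1c, extd2d");
    if ($stmt === false) {
        throw new RuntimeException(odbc_errormsg($db2));
    }
    $out = [];
    foreach ($rows as $row) {
        if (!odbc_execute($stmt, buildParams($row))) {
            throw new RuntimeException(odbc_errormsg($db2));
        }
        while ($r = odbc_fetch_array($stmt)) {
            $out[] = $r;
        }
    }
    return $out;
}

// Constructed sample row (not from the page); runs without a database.
print_r(buildParams(['dealer_id' => 1234, 'frame' => 'F10', 'color' => 'RED',
                     'cover' => 'C7', 'start_date' => '2018-02-02']));
try {
    mysqlDateToPacked('2018-02-02 OR 1=1'); // rejected before reaching DB2
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

Comparing the integer against extd2d directly also leaves the DB2 column uncast in the where clause, which is the comparison the answer recommends.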