这段PHP代码有什么问题?

时间:2018-04-23 09:56:01

标签: php

我正在编写一些html + php代码,但这部分似乎导致了错误。你看错了吗?

$sql = "SELECT p.seccio_id, count(*), sum(r.preu) 
FROM report r, persona p 
WHERE r.usuari_upc = p.persona_id 
and r.any = " . $_POST["any"] . " 
and r.mes = " . $_POST["mes"] . " 
and p.any_id = '" 
if ($_POST["mes"] < 9) echo ($_POST["any"] - 1) . "-" . $_POST["any"] . "'";
else echo $_POST["any"] "-" . ($_POST["any"] + 1) . "'";
"GROUP BY p.seccio_id
ORDER BY p.seccio_id";

1 个答案:

答案 0 :(得分:0)

你必须把它拆开:

$sql = "SELECT p.seccio_id, count(*), sum(r.preu) FROM report r, persona p WHERE .usuari_upc = p.persona_id and r.any = " . $_POST["any"] . " and r.mes = " . _POST["mes"] . " and p.any_id = '";

if ($_POST["mes"] < 9)
    $sql .= ($_POST["any"] - 1) . "-" . $_POST["any"] . "'";
else
    $sql .= $_POST["any"] "-" . ($_POST["any"] + 1) . "'";

$sql .= " GROUP BY p.seccio_id ORDER BY p.seccio_id";

P.S。你的sql很容易被SQL注入。

相关问题
最新问题