数量=客户 我们知道我们的代码缺乏安全性,但是到目前为止,这并不是问题所在,并且该代码不会继续在公共网站上发布。
此代码从数据库中整理出值并将它们放在表中。 我们需要在一个复选框中对客户S001以及S176之间的所有内容进行排序,但是我们无法与Varchar一起使用。
<!doctype html>
<html>
<head>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
<link rel="stylesheet" href="css.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/morris.js/0.5.1/morris.css">
</head>
<body>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "garp";
$conn = new mysqli ($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
/* $query = $_GET['query']; */
$orderkund = $_GET['Orderkundinput'];
$artikel = $_GET['Artikelinput'];
$startDate =$_GET['startDate'];
$endDate =$_GET['endDate'] ;
$kund =$_GET['kund'];
$kund2 =$_GET['kund2'];
$kunds;
$min_length = 0;
$artikelQuery="";
$orderkundQuery="";
$kundQuery="";
$kund2Query="";
$kundsQuery;
if(strlen($artikel) >= $min_length){
$artikel = htmlspecialchars($artikel);
$artikel = mysqli_real_escape_string($conn, $artikel);
$artikelQuery = " AND Artikelnr = '$artikel'";
}
if (strlen($orderkund) >= $min_length){
$orderkund = htmlspecialchars($orderkund);
$orderkund = mysqli_real_escape_string($conn, $orderkund);
$orderkundQuery = " AND OrderKund = '$orderkund'";
}
if(strlen($kund) >= $min_length){
$kund = htmlspecialchars($kund);
$kund = mysqli_real_escape_string($conn, $kund);
$kundQuery = " OR OrderKund = '$kund'";
}
if(strlen($kund2) >= $min_length){
$kund2 = htmlspecialchars($kund2);
$kund2 = mysqli_real_escape_string($conn, $kund2);
$kund2Query = " OR OrderKund = '$kund2'";
}
if(strlen($kunds) >= $min_length){
$kunds = htmlspecialchars($kunds);
$kunds = mysqli_real_escape_string($conn, $kunds);
$kundsQuery = " between 'S176'";
}
if (strlen($startDate) >= $min_length){
$startDate = htmlspecialchars($startDate);
$startDate = mysqli_real_escape_string($conn, $startDate);
$startDateQuery = " AND Orderdatum between '$startDate' ";
}
if (strlen($endDate) >= $min_length){
$endDate = htmlspecialchars($endDate);
$endDate = mysqli_real_escape_string($conn, $endDate);
$endDateQuery = "AND '$endDate'";
}
$query = $artikelQuery.$orderkundQuery.$kundQuery.$kund2Query.$kundsQuery.$startDateQuery.$endDateQuery;
if(strlen($query) >= $min_length){
$sql = "SELECT OrderHuvud.Ordernummer ,OrderHuvud.OrderserieIK ,OrderKund ,Fakturakund ,Orderdatum ,Erreferens ,Levereratvarde ,Radnummer ,Artikelnr ,Benamning ,Leveranstid ,Ursprungligtantal ,Levereratantal ,Forspris ,Bruttopris ,Varukostnad FROM garp.OrderHuvud left join garp.OrderRad on OrderHuvud.Ordernummer = OrderRad.Ordernummer where OrderHuvud.OrderserieIK = 'K'" .$query ;
echo $sql;
$raw_results = $conn->query ($sql);
$row_cnt = false === $raw_results ? 0 : $raw_results->num_rows;
echo " <p class='rows'> Numbers of rows loaded: $row_cnt </p>";
if($row_cnt > 0){
while($raw_result = mysqli_fetch_array($raw_results)){
echo "<table class='table'><thead class='thead-light'><tr><th class='col'>".'Ordernummer'."</th><th class='col'>".'OrderserieIK'."</th><th class='col'>".'Orderkund'."</th><th class='col'>".'fakturakund'."</th><th class='col'>".'orderdatum'."</th><th class='col'>".'erreferens'."</th><th class='col'>".'leveratvarde'."</th><th class='col'>".'radnummer'."</th><th class='col'>".'artikelnr'."</th><th class='col'>".'benamning'."</th><th class='col'>".'leveranstid'."</th><th class='col'>".'Ursprungligtantal'."</th><th class='col'>".'Levereratantal'."</th><th class='col'>".'forspris'."</th><th class='col'>".'bruttopris'."</th><th class='col'>".'varukostnad'."</th></tr></thead>";
echo "<tbody><tr><td>".$raw_result['Ordernummer']."</td><td>".$raw_result['OrderserieIK']."</td><td>".$raw_result['OrderKund']."</td><td>".$raw_result['Fakturakund']."</td><td>".$raw_result['Orderdatum']."</td><td>".$raw_result['Erreferens']."</td><td>".$raw_result['Levereratvarde']."</td><td>".$raw_result['Radnummer']."</td><td>".$raw_result['Artikelnr']."</td><td>".$raw_result['Benamning']."</td><td>".$raw_result['Leveranstid']."</td><td>".$raw_result['Ursprungligtantal']."</td><td>".$raw_result['Levereratantal']."</td><td>".$raw_result['Forspris']."</td><td>".$raw_result['Bruttopris']."</td><td>".$raw_result['Varukostnad']."</td></tr></tbody></table>";
}
}
else{
echo "No return";
}
}
else{
echo "Minimum length is ".$min_length;
}
$query = substr($query, 4);
$sql2 = "SELECT OrderKund,Artikelnr, SUM(Forspris) as Forspris,SUM(Levereratantal) as Levereratantal FROM orderhuvud
left JOIN orderrad on orderhuvud.Ordernummer = orderrad.Ordernummer
where ". $query ." GROUP BY OrderKund,Artikelnr";
$result = mysqli_query($conn, $sql2) or die(mysqli_error($conn));
while($row = mysqli_fetch_array($result)){
echo "<div class='continer'><table class='table'><thead class='thead-light'><tr><th class='col'>".'OrderKund'."</th><th class='col'>".'Artikelnr'."</th><th class='col'>".'Forspris'."</th><th class='col'>".'levereratantal'."</th></tr></thead></div>";
echo "<div class='continer'><tbody><tr><td>".$row['OrderKund']."</td><td>".$row['Artikelnr']."</td><td>".$row['Forspris']."</td><td>".$row['Levereratantal']."</td></tr></tbody></table></div>";
}
?>
</body>
</html>
答案 0 :(得分:2)
我认为这部分负责不提供您期望的行。
OR orderkund = 'S001' BETWEEN 'S176' AND orderdatum BETWEEN '' AND ''
首先,我将删除最后一部分,因为它的两边都是空字符串,并且实际上没有任何作用。
orderdatum BETWEEN '' AND ''
我以前从未使用过between函数,但是从我看来,似乎您不应该在between之间进行相等的比较。我还建议将条件之间的具体情况包装在括号内,以便确保条件不会相互混合,因此最终结果应类似于以下内容:
OR (orderkund BETWEEN 'S001' AND 'S176') AND (orderdatum BETWEEN '' AND '')
如上所述,如果orderdatum值不可用,建议您删除最后一部分。
答案 1 :(得分:1)
select column_name from table_name where SUBSTRING(`customer`, 2) between 001 and 176
这是可行的,我已经在MySQL上尝试过
select OrderKund from orderhuvud where SUBSTRING(OrderKund, 2) between 1 and 176