不能让我的SQL做我想要的。希望它在给定ID之后返回数据新数据

时间:2011-05-01 23:15:11

标签: php mysql

我只想传入一个ID号(主键)并获取自该ID以来添加的任何条目。每个条目的ID都会递增,因此这应该是获取客户端新条目的安全方式。

但我收到一个错误字符串回到我的客户端

18Error retrieving scores You have an error in your SQL syntax; check the manual that  corresponds to your MySQL server version for the right syntax to use near 'id>18 ORDER BY id ASC LIMIT 0,100' at line 1

我一直在搞乱改变它的尝试方式并改变查询,所以它现在可能真的搞砸了。但无论如何我的代码如下:

$table = "highscores";

// Initialization
$conn = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
mysql_select_db(DB_NAME, $conn);

// Error checking
if(!$conn) {
    die('Could not connect ' . mysql_error());
}

$type   = isset($_GET['type']) ? $_GET['type'] : "global";
$offset = isset($_GET['offset']) ? $_GET['offset'] : "0";
$count  = isset($_GET['count']) ? $_GET['count'] : "100";
$sort   = isset($_GET['sort']) ? $_GET['sort'] : "id ASC";

// Localize the GET variables
$udid  = isset($_GET['udid']) ? $_GET['udid'] : "";
$name  = isset($_GET['name']) ? $_GET['name']  : "";
$clubname  = isset($_GET['clubname']) ? $_GET['clubname']  : "";
$theid  = isset($_GET['theid']) ? $_GET['theid']  : ""; 


// Protect against sql injections
$type   = mysql_real_escape_string($type);
$offset = mysql_real_escape_string($offset);
$count  = mysql_real_escape_string($count);
$sort   = mysql_real_escape_string($sort);
$udid   = mysql_real_escape_string($udid);
$name   = mysql_real_escape_string($name);
$clubname   = mysql_real_escape_string($clubname);
$theid   = mysql_real_escape_string($theid);

    echo $theid;

// Build the sql query
$sql = "SELECT * FROM $table WHERE ";
//$sql = "SELECT * FROM $table WHERE id>$theid ";

switch($type) {
    case "global":
        $sql .= "1 ";
        break;
    case "device":
        $sql .= "udid = '$udid' ";
        break;
    case "name":
        $sql .= "name = '$name' ";
        break;
    case "clubname":
        $sql .= "clubname = '$clubname' ";
        break;
}

$sql .= "id>$theid ";
$sql .= "ORDER BY $sort ";
$sql .= "LIMIT $offset,$count ";

$result = mysql_query($sql,$conn);

if(!$result) {
    die("Error retrieving scores " . mysql_error());
}
//echo $result;
$rows = array();
while($row = mysql_fetch_assoc($result)) {
    $rows[] = $row;
}

mysql_free_result($result);
mysql_close($conn);
echo json_encode($rows);

有人能让我走上正确的道路吗?

非常感谢, -code

1 个答案:

答案 0 :(得分:4)

你的where子句中总会有2个条件,但两者之间缺少OR或AND ......对于通过代码的可能路径之一,这是提供给服务器的:

SELECT * FROM $table 
WHERE udid = '$udid' id>$theid ORDER BY $sort LIMIT $offset,$count

但它应该像

SELECT * FROM $table 
WHERE udid = '$udid' AND id>$theid ORDER BY $sort LIMIT $offset,$count

但作为一般性评论,Oli和Arjan的建议是很好的建议,简单

echo $sql

非常有启发性。

相关问题
最新问题