2012-04-04 63 views
0

Running this query in SQL Management Studio returns a set of 162 rows (Transact-SQL and PHP problem)

SELECT order_num, 
     status, 
     ship_date, 
     cust_ord_num, 
     weight, 
     carrier_desc, 
     consignee, 
     cases 
FROM v1oemf 
WHERE ACCOUNT = 'NESTLE' 
     AND status LIKE '%Shipped%' 
     AND (ship_date BETWEEN '20120327' AND '20120403') 

This is the result I get from echoing the code on my PHP page:

echo "SELECT Order_num,Status,Ship_date,Cust_ord_num,Weight,Carrier_desc,Consignee,Cases FROM V1OEMF WHERE Account = '" . $_POST['account'] . "' AND Status LIKE '%". $_POST['custstat'] ."%' AND (Ship_date BETWEEN '".$_POST['start_date']."' AND '".$_POST['end_date']."')"; 
$rs=odbc_exec($link,"SELECT Order_num,Status,Ship_date,Cust_ord_num,Weight,Carrier_desc,Consignee,Cases FROM V1OEMF WHERE Account = '" . $_POST['account'] . "' AND Status LIKE '". $_POST['custstat'] ."' AND Ship_date BETWEEN '".$_POST['start_date']."' AND '".$_POST['end_date']."'"); 

The result set from the PHP-based query is 0 rows, and I can't for the life of me see the problem...

Here is the whole section that is supposed to build the table of results:

$rs=odbc_exec($link,"SELECT Order_num,Status,Ship_date,Cust_ord_num,Weight,Carrier_desc,Consignee,Cases FROM V1OEMF WHERE Account = '" . $_POST['account'] . "' AND Status LIKE '". $_POST['custstat'] ."' AND Ship_date BETWEEN '".$_POST['start_date']."' AND '".$_POST['end_date']."'"); 
           $num = odbc_num_rows($rs); 
           echo $num; 
           echo "<table>"; 
           echo "<thead><tr class='header'>"; 
           echo "<td>Order #</td><td>Status</td><td>Ship Date</td><td>Sales Order #</td><td>Consignee</td><td>Carrier</td><td>Cases</td><td>Weight</td>"; 
           echo "</tr></thead>"; 
           while (odbc_fetch_row($rs)) { 
                 echo "<tr><td id='f1'><a class='ow' href='' id='" . odbc_result($rs,'Order_num') . "'>" . odbc_result($rs,'Order_num') . "</a></td><td id='f2'>" . odbc_result($rs,'Status') . "</td><td id='f3'>" . odbc_result($rs,'Ship_date') . "</td><td id='f5'>" . odbc_result($rs,'Cust_ord_num') . "</td><td id='f6'>" . odbc_result($rs,'Consignee') . "</td><td id='f7'>" . odbc_result($rs,'Carrier_desc') . "</td><td id='f8' align='right'>" . odbc_result($rs,'Cases') . "</td><td id='f9' align='right'>" . odbc_result($rs,'Weight') . "</td></tr>"; 
                 } 
           echo "</table>"; 
+0

Please note that your script is open to SQL injection, and this can be addressed via [`odbc_prepare()`](http://www.php.net/manual/en/function.odbc-prepare.php) – 2012-04-04 15:52:04

+0

I know, I intend to correct that, thanks – ScottC 2012-04-04 16:04:09

Answers

4

You will need % around $_POST['custstat'] if you want it to do a LIKE as in your first SQL statement.

You have them in the echo, but not in the actual SQL.
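An added example (not from the original question, comment or answer): the same query run through `odbc_prepare()` as the comment suggests, with the `%` wildcards from the answer made part of the bound parameter. `like_pattern()` and `fetch_orders()` are hypothetical helper names, and `$link` is assumed to be the page's open ODBC connection.

```php
<?php
// Added example: parameterized version of the question's query.
// like_pattern() and fetch_orders() are hypothetical names; $link is the
// ODBC connection the page already has.

// Escape T-SQL LIKE metacharacters in the user's text, then wrap it in %
// so the match is "contains", as in the Management Studio query.
function like_pattern(string $term): string
{
    $escaped = str_replace(['!', '%', '_', '['], ['!!', '!%', '!_', '!['], $term);
    return '%' . $escaped . '%';
}

function fetch_orders($link, array $post): array
{
    $params = [
        (string)($post['account'] ?? ''),
        like_pattern((string)($post['custstat'] ?? '')),
        (string)($post['start_date'] ?? ''),
        (string)($post['end_date'] ?? ''),
    ];
    // Dates must be YYYYMMDD, the format used in the working query.
    foreach ([$params[2], $params[3]] as $d) {
        if (!preg_match('/^\d{8}$/', $d)) {
            throw new InvalidArgumentException('date must be YYYYMMDD');
        }
    }
    // The PHP manual documents that odbc_execute() treats a parameter that
    // starts and ends with a single quote as a file name to read: reject it.
    foreach ($params as $p) {
        if (preg_match("/^'.*'$/s", $p)) {
            throw new InvalidArgumentException('quoted parameter rejected');
        }
    }
    $stmt = odbc_prepare($link,
        "SELECT Order_num, Status, Ship_date, Cust_ord_num, Weight,
                Carrier_desc, Consignee, Cases
         FROM V1OEMF
         WHERE Account = ?
           AND Status LIKE ? ESCAPE '!'
           AND Ship_date BETWEEN ? AND ?");
    if ($stmt === false || !odbc_execute($stmt, $params)) {
        throw new RuntimeException('query failed');
    }
    $rows = [];
    while ($row = odbc_fetch_array($stmt)) {
        $rows[] = $row; // count($rows) is reliable; odbc_num_rows() can be -1 on SELECT
    }
    return $rows;
}
```

When the rows are written into the HTML table, pass each value through `htmlspecialchars()` so stored data cannot inject markup.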