2013-02-27 141 views
-3
function search_num_rows($param){ 
     $company_name=$param['company_name']; 
     $loan_no=$param['loan_no']; 

     $q = $this->db->query("select Count(0) as num_rows 
           from contact_new 
           inner join companies c on contact_new.company_id = c.id 
           inner join history on contact_new.id = history.receiver_email 
           inner join escalation_level on contact_new.escalation_level_id = escalation_level.id 
           inner join departments on contact_new.departmend_id = departments.id 
           WHERE loan_no= '$loan_no' if($company_name){ AND company_name= '$company_name'} ")->result(); 
    return $q[0]->num_rows; 
} 

Can I insert PHP code like I did in the where clause? Is there any other way to do this without using Active Record?

Insert PHP code in SQL query

+0

Is there a particular reason you don't want to use Active Record? – skrilled 2013-02-27 22:49:52

+0

Can you? Have you tried it? If so, what was the error? – 2013-02-27 22:50:06

+0

Don't forget about escaping. – kapa 2013-02-27 22:52:47

Answer

0

It's actually quite simple:

function search_num_rows($param){ 
     $company_name = (isset($param['company_name']) && !empty($param['company_name']) ? " AND company_name = '$param[company_name]'" : ''); 
     $loan_no=$param['loan_no']; 

     $q = $this->db->query("select Count(0) as num_rows 
           from contact_new 
           inner join companies c on contact_new.company_id = c.id 
           inner join history on contact_new.id = history.receiver_email 
           inner join escalation_level on contact_new.escalation_level_id = escalation_level.id 
           inner join departments on contact_new.departmend_id = departments.id 
           WHERE loan_no= '$loan_no' $company_name")->result(); 
    return $q[0]->num_rows; 
} 
+1

Don't forget about escaping. SQL injection can bite you. – kapa 2013-02-27 22:53:54
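
The escaping point raised in the comments, shown as an added example that is not part of the original question or answer: the same optional `company_name` filter built with CodeIgniter query bindings (`?` placeholders passed to `$this->db->query()`), so the values are escaped by the database layer instead of being interpolated into the SQL string. The helper name `build_search_count_query`, the `$db` parameter (standing in for `$this->db`) and the sample values are assumptions made for this example.

```php
<?php
// Added example, not from the original post. $db is assumed to be
// CodeIgniter's database object ($this->db inside a model).

// Returns array($sql, $binds). User input goes only into $binds, never
// into the SQL text; the company filter is added only when it is non-empty.
function build_search_count_query(array $param)
{
    $sql = "SELECT COUNT(0) AS num_rows
            FROM contact_new
            INNER JOIN companies c ON contact_new.company_id = c.id
            INNER JOIN history ON contact_new.id = history.receiver_email
            INNER JOIN escalation_level ON contact_new.escalation_level_id = escalation_level.id
            INNER JOIN departments ON contact_new.departmend_id = departments.id
            WHERE loan_no = ?";
    $binds = array(isset($param['loan_no']) ? $param['loan_no'] : '');

    if (!empty($param['company_name'])) {
        $sql .= " AND company_name = ?";
        $binds[] = $param['company_name'];
    }
    return array($sql, $binds);
}

// Same job as search_num_rows() on this page, with the values bound.
function search_num_rows($db, array $param)
{
    list($sql, $binds) = build_search_count_query($param);
    // CodeIgniter substitutes each ? with the escaped, quoted value.
    $q = $db->query($sql, $binds)->result();
    return $q[0]->num_rows;
}

// Constructed input: a company name containing a quote and SQL fragment.
// It ends up in $binds as data; the SQL text stays unchanged.
list($sql, $binds) = build_search_count_query(array(
    'loan_no'      => 'LN-1001',
    'company_name' => "Acme' OR '1'='1",
));
echo $sql, "\n";
print_r($binds);
```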