Please help me with this query: WHERE clause in an INNER JOIN query
    function viewServices($userpno)
    {
        echo $userpno;
        $this->query = "
            SELECT task.employee_id , task.user_id , task.service_id, service.name AS servicename ,
            service.description AS servicedescription, employee.name AS employeename, employee.pic_path AS employeepicture,
            employee.pic_path
            FROM task where task.user_id = '$userpno'
            INNER JOIN employee ON employee.pno = task.employee_id
            INNER JOIN user ON user.pno = task.user_id
            INNER JOIN service ON service.service_id = task.service_id
        ";
    }
The query works perfectly without:
WHERE task.user_id = $userpno
:
WHERE task.user_id = '$userpno'
I have also tried it this way,
but it does not work.
The error is:
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\wamp\www\admin\classes\Task.php on line 22
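Please guide me: how can I add the WHERE clause?
Do you know that what you are doing here is a potential SQL injection attack? You *must* send the userpno value through mysql_real_escape_string. See http://php.net/manual/fr/function.mysql-real-escape-string.php and http://en.wikipedia.org/wiki/SQL_injection. – 2011-03-27 01:56:44
@FrançoisBeausoleil We are not sure where `$userpno` comes from, so we cannot say for certain. Perhaps this function is passed the user ID directly from another query result. However, if its value comes from user input, then you are absolutely right. – Wiseguy 2011-03-27 04:32:24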
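
An added example, not part of the original question or comments, covering both points raised on this page: the WHERE clause placed after the last INNER JOIN, and the user id passed as a bound parameter instead of being interpolated into the SQL string. It assumes PDO with an in-memory SQLite database and constructed tables and rows so that it runs without a server; with mysqli the same SQL is used with a `?` placeholder and `prepare`, `bind_param` and `execute`.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of returning false, so a malformed query
// cannot reach the fetch call as a boolean.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec("
    CREATE TABLE user     (pno INTEGER PRIMARY KEY, name TEXT);
    CREATE TABLE employee (pno INTEGER PRIMARY KEY, name TEXT, pic_path TEXT);
    CREATE TABLE service  (service_id INTEGER PRIMARY KEY, name TEXT, description TEXT);
    CREATE TABLE task     (employee_id INTEGER, user_id INTEGER, service_id INTEGER);
    INSERT INTO user     VALUES (1, 'alice'), (2, 'bob');
    INSERT INTO employee VALUES (10, 'carol', 'pics/carol.png');
    INSERT INTO service  VALUES (100, 'Cleaning', 'Weekly cleaning');
    INSERT INTO task     VALUES (10, 1, 100), (10, 2, 100);
");

function viewServices(PDO $pdo, string $userpno): array
{
    // All JOINs come first; WHERE follows the last JOIN.
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare("
        SELECT task.employee_id, task.user_id, task.service_id,
               service.name        AS servicename,
               service.description AS servicedescription,
               employee.name       AS employeename,
               employee.pic_path   AS employeepicture
        FROM task
        INNER JOIN employee ON employee.pno = task.employee_id
        INNER JOIN user     ON user.pno = task.user_id
        INNER JOIN service  ON service.service_id = task.service_id
        WHERE task.user_id = :userpno
    ");
    $stmt->execute([':userpno' => $userpno]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A normal id selects only that user's tasks.
var_dump(count(viewServices($pdo, '1')));

// Constructed input containing quotes is compared as one literal value,
// so it cannot change the structure of the query.
var_dump(count(viewServices($pdo, "1' OR '1'='1")));
```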