Confused by string concatenation in PHP/MySQL

I have a script like this:
$sLimit = "";
        if ( isset( $_POST['iDisplayStart'] ) && $_POST['iDisplayLength'] != '-1' )
        {
                $sLimit = "LIMIT ".mysql_real_escape_string( $_POST['iDisplayStart'] ).", ".
                        mysql_real_escape_string( $_POST['iDisplayLength'] );
        }


if ( isset( $_POST['iSortCol_0'] ) )
        {
                $sOrder = "ORDER BY ";
                for ( $i=0 ; $i<intval( $_POST['iSortingCols'] ) ; $i++ )
                {
                        if ( $_POST[ 'bSortable_'.intval($_POST['iSortCol_'.$i]) ] == "true" )
                        {
                                $sOrder .= $aColumns[ intval( $_POST['iSortCol_'.$i] ) ]."
                                        ".mysql_real_escape_string( $_POST['sSortDir_'.$i] ) .", ";
                        }
                }

                $sOrder = substr_replace( $sOrder, "", -2 );
                if ( $sOrder == "ORDER BY" )
                {
                        $sOrder = "";
                }
      }


$sGroupBy = " GROUP BY A.Range_sampling, A.Lot_no ";
                $sQuery = "SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model, 
                                  A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC
                           FROM inspection_report A
                           LEFT JOIN Employee B
                           ON A.NIK=B.NIK
                           WHERE CHAR_LENGTH( A.Range_sampling ) < 17
                           AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE)" .$sGroupBy.$sOrder.$sLimit; //error
        $rResult = mysql_query($sQuery) or _doError(_ERROR30 . ' (<small>' . htmlspecialchars($sql) . '</small>): ' . mysql_error() );
For this script, I get the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0, 10' at line 7
After adding a space, it shows:
Error message is :: "Error occuered during query execution: (<small></small>): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc LIMIT 0, 10' at line 8";
The complete query:
SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model, A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC FROM inspection_report A LEFT JOIN Employee B ON A.NIK=B.NIK WHERE CHAR_LENGTH( A.Range_sampling ) < 17 AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE) GROUP BY A.Range_sampling, A.Lot_no ORDER BY desc LIMIT 0, 10
    
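Try putting some spaces at the beginning and end of the strings, for example " ORDER BY " and " LIMIT ". Also, please show us the final value of the failing sQuery variable. Right now, there is no field in the
ORDER BY
clause:
ORDER BY desc LIMIT 0, 10
Between BY and desc there should be the name of the field to sort by.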
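
An added example, not code from the question or the answer: one way to assemble the ORDER BY and LIMIT fragments so that the spacing is always right and a missing column name can never produce `ORDER BY desc`. The sort direction and the LIMIT numbers sit outside quotes in the SQL, where `mysql_real_escape_string()` (which only protects values inside quoted string literals) does not constrain them, so the sketch allow-lists the direction and casts the numbers. The helper name `build_order_limit`, the 500-row cap and the sample request are assumptions.

```php
<?php
// Added example: pure string building, no database connection required.
// build_order_limit() is a hypothetical helper; the POST keys are the page's.
function build_order_limit(array $aColumns, array $post): string
{
    $terms = [];
    $nCols = min(intval($post['iSortingCols'] ?? 0), count($aColumns));
    for ($i = 0; $i < $nCols; $i++) {
        $idx = intval($post['iSortCol_' . $i] ?? -1);
        // Skip an index with no column behind it; an empty column name is
        // what left "ORDER BY desc" without a field in the question.
        if (!isset($aColumns[$idx])) {
            continue;
        }
        if (($post['bSortable_' . $idx] ?? '') !== 'true') {
            continue;
        }
        // The direction is an unquoted keyword: accept only ASC or DESC.
        $dir = strtolower($post['sSortDir_' . $i] ?? '') === 'desc' ? 'DESC' : 'ASC';
        $terms[] = $aColumns[$idx] . ' ' . $dir;
    }
    // Each fragment carries its own leading space, so concatenation is safe.
    $sql = $terms ? ' ORDER BY ' . implode(', ', $terms) : '';

    // LIMIT takes bare integers: cast and clamp instead of escaping.
    if (isset($post['iDisplayStart'], $post['iDisplayLength'])
        && (string) $post['iDisplayLength'] !== '-1') {
        $start  = max(0, intval($post['iDisplayStart']));
        $length = min(500, max(1, intval($post['iDisplayLength']))); // assumed cap
        $sql .= ' LIMIT ' . $start . ', ' . $length;
    }
    return $sql;
}

// Constructed sample input: first sort index is out of range, second
// direction and the page length carry trailing junk.
$aColumns = ['Date', 'A.Line', 'A.Model'];
$post = [
    'iSortingCols'  => '2',
    'iSortCol_0'    => '7', 'sSortDir_0' => 'desc',
    'iSortCol_1'    => '1', 'sSortDir_1' => 'desc, 1', 'bSortable_1' => 'true',
    'iDisplayStart' => '0', 'iDisplayLength' => '10 garbage',
];
echo 'GROUP BY A.Range_sampling, A.Lot_no' . build_order_limit($aColumns, $post), "\n";
```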
