我不得不构建快速的pdo查询(这是非常旧的网站,使用框架是不可能的),并且当我输入多个搜索参数时遇到问题。PHP PDO查询SQLSTATE [42000]错误
(对于单参数它工作正常,但将两个或多个参数结合会导致SQLSTATE [42000]错误)。
完全错误:
<br />
<b>Fatal error</b>: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'WHERE CUSTPHON.PHONE = '1230001343'
GROUP BY CUSTOMER.CUST_ID
ORDER BY CUST' at line 7' in /home/larrysii/public_html/yaclib/lib/db.php:104
线104分贝是执行查询:
public function execute(){
return $this->stmt->execute();
}
这里有什么问题?
我从这样的形式获取数据(我不知道这PARAM将使用):
$searchParams = [];
if(strlen($_POST['customerName']) > 2)
$searchParams['customerName'] = strtolower(strip_tags(trim($_POST['customerName'])));
if(strlen($_POST['cardNumber']) == 7)
$searchParams['cardNumber'] = strtolower(strip_tags(trim($_POST['cardNumber'])));
if(strlen($_POST['phoneNumber']) > 3)
$searchParams['cardNumber'] = strtolower(strip_tags(trim($_POST['phoneNumber'])));
if(strlen($_POST['customerAddress']) > 3)
$searchParams['customerAddress'] = strtolower(strip_tags(trim($_POST['customerAddress'])));
if(strlen($_POST['customerEmail']) > 2)
$searchParams['customerEmail'] = strtolower(strip_tags(trim($_POST['customerEmail'])));
这就是如何使查询:
$queryArray = [];
foreach($searchParams as $key => $value):
switch ($key):
case 'customerName':
$queryArray['customerName'] = " WHERE LOWER(CUSTOMER.LAST_NAME) LIKE ? ";
break;
case 'cardNumber':
$queryArray['cardNumber'] = " WHERE CUSTPHON.PHONE = ? ";
break;
case 'phoneNumber':
$queryArray['cardNumber'] = " WHERE CUSTPHON.PHONE = ? ";
break;
case 'customerAddress':
$queryArray['customerAddress'] = " WHERE LOWER(CUSTADDR.ADDRESS) LIKE ? ";
break;
case 'customerEmail':
$queryArray['customerEmail'] = " WHERE LOWER(CUSTOMER.EMAIL) LIKE ? ";
break;
endswitch;
endforeach;
获取查询:
$queryString = implode(' OR ', $queryArray);
$query1 = "SELECT CUSTOMER.LAST_NAME,CUSTOMER.DOB,CUSTOMER.EMAIL,CUSTPHON.PHONE,CUSTOMER.CUST_ID,CUSTOMER.DATE_LAST,CUSTOMER.ORD_COUNT
FROM CUSTOMER
RIGHT JOIN CUSTPHON
ON CUSTOMER.CUST_ID=CUSTPHON.CUST_ID
RIGHT JOIN CUSTADDR
ON CUSTOMER.CUST_ID=CUSTADDR.CUST_ID
{$queryString}
GROUP BY CUSTOMER.CUST_ID
ORDER BY CUSTOMER.LAST_NAME
";
$pdo->prepareQuery($query1);
$i = 1;
foreach($searchParams as $key => $value):
switch ($key):
case 'cardNumber':
$cardNumber = $value;
if(strlen($value) == 7)
$cardNumber = '123' . (string)$value;
$pdo->bind($i, $cardNumber);
break;
case 'customerName':
case 'customerEmail':
case 'customerAddress':
$pdo->bind($i, "%$value%");
break;
endswitch;
$i++;
endforeach;
得到了一个完整的* *错误信息给我们,所以我们不必仰望“42000”究竟是什么? – deceze
为什么这么多'WHERE'条目?一旦准备好执行sql语句,将会很高兴。此外,'phoneNumber'的条目引用'cardNumber'〜'$ queryArray ['cardNumber'] =“WHERE CUSTPHON.PHONE =?”;'?? – RamRaider
嗯,我认为这是事实(额外的地方)。我需要检查这个。 – Sasha