Confused about concatenation in PHP/MySQL
I have a script like this:
    $sLimit = "";
    if (isset($_POST['iDisplayStart']) && $_POST['iDisplayLength'] != '-1')
    {
        $sLimit = "LIMIT ".mysql_real_escape_string($_POST['iDisplayStart']).", ".
            mysql_real_escape_string($_POST['iDisplayLength']);
    }
    if (isset($_POST['iSortCol_0']))
    {
        $sOrder = "ORDER BY ";
        for ($i=0 ; $i<intval($_POST['iSortingCols']) ; $i++)
        {
            if ($_POST[ 'bSortable_'.intval($_POST['iSortCol_'.$i]) ] == "true")
            {
                $sOrder .= $aColumns[ intval($_POST['iSortCol_'.$i]) ]."
                    ".mysql_real_escape_string($_POST['sSortDir_'.$i]) .", ";
            }
        }
        $sOrder = substr_replace($sOrder, "", -2);
        if ($sOrder == "ORDER BY")
        {
            $sOrder = "";
        }
    }
    $sGroupBy = " GROUP BY A.Range_sampling, A.Lot_no ";
    $sQuery = "SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model,
        A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC
        FROM inspection_report A
        LEFT JOIN Employee B
        ON A.NIK=B.NIK
        WHERE CHAR_LENGTH(A.Range_sampling) < 17
        AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE)" .$sGroupBy.$sOrder.$sLimit; //error
    $rResult = mysql_query($sQuery) or _doError(_ERROR30 . ' (<small>' . htmlspecialchars($sql) . '</small>): ' . mysql_error());
With this script I get an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0, 10' at line 7
After adding a space it shows:
Error message is :: "Error occuered during query execution: (<small></small>): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc LIMIT 0, 10' at line 8";
The full query:
SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model, A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC FROM inspection_report A LEFT JOIN Employee B ON A.NIK=B.NIK WHERE CHAR_LENGTH(A.Range_sampling) < 17 AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE) GROUP BY A.Range_sampling, A.Lot_no ORDER BY desc LIMIT 0, 10
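Give us the **plain-text SQL field names**, without any PHP variables at all. – zerkms 2011-05-24 04:07:52
Can you echo what the full query ends up being? – judda 2011-05-24 04:08:58
I'd say you're missing a space after LIMIT. I find the error is usually just before the string given in the error message. Edit - oops – dgig 2011-05-24 04:13:42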
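Added example, not part of the original question or its comments: one way to assemble the ORDER BY and LIMIT fragments so that every piece is space-separated, an unknown column index never yields an empty name, and no request text is copied into the SQL. mysql_real_escape_string only escapes characters that are special inside a quoted string literal, so it does not constrain values placed unquoted after ORDER BY or LIMIT; an allowlist and integer casts do. The contents of `$aColumns`, the function names `buildOrderBy` and `buildLimit`, and the `$maxRows` cap are assumptions made for this sketch.

```php
<?php
// Added example. $aColumns and the function names are assumptions, not from the post.
$aColumns = ['Date', 'Line', 'Model', 'Lot_no', 'Range_sampling', 'Error', 'PIC'];

// Build " ORDER BY ..." from allowlisted column names and a fixed ASC/DESC keyword.
function buildOrderBy(array $in, array $columns): string
{
    $parts = [];
    $n = min((int)($in['iSortingCols'] ?? 0), count($columns));
    for ($i = 0; $i < $n; $i++) {
        $idx = (int)($in["iSortCol_$i"] ?? -1);
        if (!isset($columns[$idx])) {
            continue; // unknown column index: never emit an empty name
        }
        if (($in["bSortable_$idx"] ?? '') !== 'true') {
            continue;
        }
        // Request text never reaches the SQL; it only selects one of two keywords.
        $dir = (($in["sSortDir_$i"] ?? '') === 'desc') ? 'DESC' : 'ASC';
        $parts[] = '`' . $columns[$idx] . '` ' . $dir;
    }
    return $parts ? ' ORDER BY ' . implode(', ', $parts) : '';
}

// Build " LIMIT start, length" from integers only, capped at $maxRows.
function buildLimit(array $in, int $maxRows = 100): string
{
    $len = (int)($in['iDisplayLength'] ?? -1);
    if (!isset($in['iDisplayStart']) || $len < 1) {
        return ''; // the script above treats -1 as "no LIMIT"
    }
    return ' LIMIT ' . max(0, (int)$in['iDisplayStart']) . ', ' . min($len, $maxRows);
}

// Constructed request values (not from the post), including two invalid ones.
$post = [
    'iDisplayStart' => '0', 'iDisplayLength' => '10', 'iSortingCols' => '2',
    'iSortCol_0' => '0',  'bSortable_0' => 'true', 'sSortDir_0' => 'desc',
    'iSortCol_1' => '99', 'sSortDir_1' => 'sideways',
];
echo ' GROUP BY A.Range_sampling, A.Lot_no' . buildOrderBy($post, $aColumns) . buildLimit($post), "\n";
```

Each fragment carries its own leading space, so the pieces can be concatenated in any combination without running keywords together.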