2011-05-24 91 views
0

I have this script (PHP/MySQL concatenation confusion):

$sLimit = "";
if (isset($_POST['iDisplayStart']) && $_POST['iDisplayLength'] != '-1')
{
    $sLimit = "LIMIT ".mysql_real_escape_string($_POST['iDisplayStart']).", ".
        mysql_real_escape_string($_POST['iDisplayLength']);
}

// $aColumns (the list of sortable column names) is defined elsewhere and not shown here
if (isset($_POST['iSortCol_0']))
{
    $sOrder = "ORDER BY ";
    for ($i=0 ; $i<intval($_POST['iSortingCols']) ; $i++)
    {
        if ($_POST[ 'bSortable_'.intval($_POST['iSortCol_'.$i]) ] == "true")
        {
            $sOrder .= $aColumns[ intval($_POST['iSortCol_'.$i]) ]."
                ".mysql_real_escape_string($_POST['sSortDir_'.$i]) .", ";
        }
    }

    $sOrder = substr_replace($sOrder, "", -2);
    if ($sOrder == "ORDER BY")
    {
        $sOrder = "";
    }
}

$sGroupBy = " GROUP BY A.Range_sampling, A.Lot_no ";
$sQuery = "SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model,
        A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC
    FROM inspection_report A
    LEFT JOIN Employee B
    ON A.NIK=B.NIK
    WHERE CHAR_LENGTH(A.Range_sampling) < 17
    AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE)" .$sGroupBy.$sOrder.$sLimit; // error
// note: $sql is never assigned above, which is why the error message below shows an empty <small></small>
$rResult = mysql_query($sQuery) or _doError(_ERROR30 . ' (<small>' . htmlspecialchars($sql) . '</small>): ' . mysql_error());

With this script I get the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0, 10' at line 7 

After adding a space it shows:

Error message is :: "Error occuered during query execution: (<small></small>): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc LIMIT 0, 10' at line 8"; 

The full query:

SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model, A.Lot_no,A.Range_sampling,COUNT(A.Serial_number) AS Error,B.name AS PIC FROM inspection_report A LEFT JOIN Employee B ON A.NIK=B.NIK WHERE CHAR_LENGTH(A.Range_sampling) < 17 AND MONTH(A.Inspection_datetime)=MONTH(CURRENT_DATE) GROUP BY A.Range_sampling, A.Lot_no ORDER BY desc LIMIT 0, 10

+1

Give us the **plain-text SQL field names** without any PHP variables at all. – zerkms 2011-05-24 04:07:52

+0

Can you echo what the full query becomes? – judda 2011-05-24 04:08:58

+0

I'd say you're missing a space after LIMIT. I find the error is usually right before the string given in the error message. Edit - oops – dgig 2011-05-24 04:13:42

Answer

1

Try putting some spaces at the beginning and end of strings like "ORDER BY" and "LIMIT".

Also, show us the final value of the sQuery variable that errors.

Right now you don't have a field in your ORDER BY clause:

ORDER BY desc LIMIT 0, 10 

Between BY and desc there should be a field of your choice.

+0

What do you mean by the final value of the sQuery variable that errors? – nunu 2011-05-24 04:14:53

+0

After adding the space it shows: 'Error message is :: "Error occuered during query execution: (): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc LIMIT 0,10' at line 8";' – nunu 2011-05-24 04:16:31

+0

Do a 'print($sQuery);' after the assignment and before '$rResult = mysql_query($sQuery)..' and show us the result of that print, so we can see how the string is built – 2011-05-24 04:18:10
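The answer's diagnosis is that `$aColumns[...]` produced nothing, so the clause degraded to `ORDER BY desc`. The question's code also leans on `mysql_real_escape_string()` for values that never sit inside quotes (the LIMIT numbers and the sort direction), where escaping changes nothing. The following is an added example, not the asker's code or the DataTables project's: a rewrite of the same query builder that skips sort columns not found in the whitelist, restricts the direction to the literal keywords ASC/DESC, casts the LIMIT values to integers, and gives every fragment its own leading space. Table and column names are the ones from the question; the `$aColumns` list and the `$post` arrays are constructed sample input.

```php
<?php
// Added example (not from the question): hardened DataTables server-side query builder.
// Column names come only from the $aColumns whitelist, the sort direction is limited to
// ASC/DESC, and LIMIT values are cast to integers, so no request value reaches the SQL
// text unchecked. $post stands in for $_POST so the function can be exercised offline.

function buildReportQuery(array $post, array $aColumns): string
{
    $sLimit = '';
    if (isset($post['iDisplayStart'], $post['iDisplayLength'])
        && $post['iDisplayLength'] !== '-1') {
        // LIMIT is not a quoted-string context: escaping does nothing here, casting does.
        $start  = max(0, (int) $post['iDisplayStart']);
        $length = max(1, (int) $post['iDisplayLength']);
        $sLimit = sprintf(' LIMIT %d, %d', $start, $length);
    }

    $orderParts = [];
    $nCols = isset($post['iSortingCols']) ? (int) $post['iSortingCols'] : 0;
    for ($i = 0; $i < $nCols; $i++) {
        $idx = isset($post['iSortCol_' . $i]) ? (int) $post['iSortCol_' . $i] : -1;
        // The question's query became "ORDER BY desc" because the column lookup returned
        // nothing; any index that is not in the whitelist is skipped instead.
        if (!isset($aColumns[$idx]) || ($post['bSortable_' . $idx] ?? '') !== 'true') {
            continue;
        }
        $dir = strtoupper($post['sSortDir_' . $i] ?? 'ASC');
        if ($dir !== 'ASC' && $dir !== 'DESC') {
            $dir = 'ASC';   // anything other than the two literal keywords is replaced
        }
        $orderParts[] = $aColumns[$idx] . ' ' . $dir;
    }
    // Only emit ORDER BY when at least one valid column survived.
    $sOrder = $orderParts ? ' ORDER BY ' . implode(', ', $orderParts) : '';

    $sGroupBy = ' GROUP BY A.Range_sampling, A.Lot_no';
    return 'SELECT SQL_CALC_FOUND_ROWS DATE(A.Inspection_datetime) AS Date, A.Line, A.Model,'
        . ' A.Lot_no, A.Range_sampling, COUNT(A.Serial_number) AS Error, B.name AS PIC'
        . ' FROM inspection_report A LEFT JOIN Employee B ON A.NIK = B.NIK'
        . ' WHERE CHAR_LENGTH(A.Range_sampling) < 17'
        . ' AND MONTH(A.Inspection_datetime) = MONTH(CURRENT_DATE)'
        . $sGroupBy . $sOrder . $sLimit;   // each fragment carries its own leading space
}

// Constructed whitelist of sortable expressions, indexed by DataTables column position.
$aColumns = ['DATE(A.Inspection_datetime)', 'A.Line', 'A.Model', 'A.Lot_no',
             'A.Range_sampling', 'COUNT(A.Serial_number)', 'B.name'];

// Constructed request: sort by column 1 descending, first 10 rows.
$goodPost = ['iDisplayStart' => '0', 'iDisplayLength' => '10', 'iSortingCols' => '1',
             'iSortCol_0' => '1', 'bSortable_1' => 'true', 'sSortDir_0' => 'desc'];
echo buildReportQuery($goodPost, $aColumns), "\n";
// ... ORDER BY A.Line DESC LIMIT 0, 10

// Constructed malformed request: column index outside the whitelist, non-numeric start,
// and a direction that is not a keyword. Result: no ORDER BY clause, LIMIT 0, 10.
$badPost = ['iDisplayStart' => 'abc', 'iDisplayLength' => '10', 'iSortingCols' => '1',
            'iSortCol_0' => '99', 'bSortable_99' => 'true', 'sSortDir_0' => 'sideways'];
echo buildReportQuery($badPost, $aColumns), "\n";
```

The second call reproduces the situation from the question (a column index with no matching whitelist entry) and shows the builder dropping the ORDER BY clause entirely rather than emitting a dangling `desc`. Printing the returned string before executing it, as the last comment suggests, is still the quickest way to see exactly what the concatenation produced.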