0

I am trying to pass two variables to ORDER BY $variable1 $variable2 in a MySQL statement. The variables are taken from a drop-down menu form.

PHP

if(isset($_POST['order'])){
         $sort1 = mysql_real_escape_string($_POST['sort']);
         $sort2 = mysql_real_escape_string($_POST['order']);
        }
        if(!@$_POST['order']){
            $sort1 = 'ID';
            $sort2 = 'DESC';
        }
        $topics = mysql_query(" SELECT topic_id AS 'ID', topic_head AS 'Title', 
                                       topic_tags AS 'TAGS', topic_owner AS 'CREATED BY', topic_date AS 'CREATED ON'
                                FROM   forum_topics 
                                ORDER BY '{$sort1}' '{$sort2}'  ") or die (mysql_error());
                        ?>

HTML form

<ul class="sort">
        <li><form action="topics.php" method="post">
                <label class="label">Sort Table By</label>
                <select name="sort">
                    <option value ="">    </option>
                    <option value ="ID">ID</option>
                    <option value ="Title">Title</option>
                    <option value ="TAGS">TAGS</option>
                    <option value ="VIEWS">VIEWS</option>
                    <option value ="CREATED ON">CREATED ON</option>
                    <option value ="CREATED BY">CREATED BY</option>
                </select>

                <label class="label">Order By</label>

                <select name = "order" class="tap_Select">
                    <option value ="">    </option>
                    <option value ="ASC">Ascending</option>
                    <option value ="DESC">Descending</option>
                </select>

                <input type="submit" name="order" value="SORT" >
           </form>
        </li>
    </ul>

Please help.

Update

When I remove the quotes around $sort1 and $sort2

I get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SORT' at line 4

Update 2

When I do $sql = "....." without passing it through mysql_query(), I get this

SELECT topic_id AS 'ID', topic_head AS 'Title', topic_tags AS 'TAGS', topic_owner AS 'CREATED BY', topic_date AS 'CREATED ON' FROM forum_topics ORDER BY ID SORT

4

5 Answers

6

Don't use quotes, e.g.

ORDER BY 'ID' 'DESC'

is incorrect. It should be

ORDER BY ID DESC

The quotes turn id and desc into plain strings, rather than keywords/field names.

answered 2012-09-11T20:42:11.637
1

Your column names appear to contain spaces, so you need to use backticks:

ORDER BY `{$sort1}` {$sort2}

Also note that mysql_real_escape_string provides no protection in the case of the ORDER BY clause. You need to check your input against a whitelist of allowed inputs.

answered 2012-09-11T21:13:44.110
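
The whitelist check recommended in the answer above, as an added example (not code from the question or from any answer): form values are mapped to real column names and the direction is checked against ASC/DESC, so nothing from the request is copied into the SQL. The helper name build_order_by and the sample requests are assumptions; the table and column names are those in the question's SELECT.

```php
<?php
// Added example: whitelist for ORDER BY input (not code from the question or answers).

// Form value => real column, taken from the question's SELECT and <option> values.
// "VIEWS" is omitted because the question's query selects no such column.
const SORT_COLUMNS = [
    'ID'         => 'topic_id',
    'Title'      => 'topic_head',
    'TAGS'       => 'topic_tags',
    'CREATED BY' => 'topic_owner',
    'CREATED ON' => 'topic_date',
];
const SORT_DIRECTIONS = ['ASC', 'DESC'];

/**
 * Hypothetical helper: build an ORDER BY clause from untrusted form input.
 * Values outside the whitelists fall back to the question's defaults (ID, DESC),
 * so no request data is ever copied into the SQL text.
 */
function build_order_by(array $input): string
{
    $sort  = $input['sort']  ?? '';
    $order = $input['order'] ?? '';

    // is_string() first: arrays (e.g. sort[]=x) must never reach the lookups.
    $column = (is_string($sort) && array_key_exists($sort, SORT_COLUMNS))
        ? SORT_COLUMNS[$sort]
        : SORT_COLUMNS['ID'];
    $direction = (is_string($order) && in_array(strtoupper($order), SORT_DIRECTIONS, true))
        ? strtoupper($order)
        : 'DESC';

    return "ORDER BY `{$column}` {$direction}";
}

// Constructed sample requests standing in for $_POST.
$samples = [
    ['sort' => 'CREATED ON', 'order' => 'ASC'],   // valid choice
    ['sort' => 'ID', 'order' => 'SORT'],          // the value seen in the question's Update 2
    ['sort' => 'VIEWS', 'order' => 'desc'],       // in the form, but not a selected column
    ['sort' => ['x'], 'order' => null],           // wrong types
];

foreach ($samples as $sample) {
    echo 'SELECT topic_id AS `ID`, topic_head AS `Title` FROM forum_topics ',
         build_order_by($sample), PHP_EOL;
}
```

Because the column name in the final SQL always comes from the map's values, the same clause can be appended to a mysqli or PDO query without any escaping step.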
1

Remove the brackets and add a comma between the sort elements

ORDER BY $sort1 $sort2  ") or die (

Edit: make the following change so we can see what's going on...

Take this line

$topics = mysql_query(" SELECT topic_id AS 'ID', topic_head AS 'Title',  
                                   topic_tags AS 'TAGS', topic_owner AS 'CREATED BY', topic_date AS 'CREATED ON' 
                            FROM   forum_topics  
                            ORDER BY '{$sort1}' '{$sort2}'  ") or die (mysql_error()); 

Put the query into a variable, and replace the string in mysql_query with the variable;

$query="SELECT topic_id AS 'ID', topic_head AS 'Title',  
                                   topic_tags AS 'TAGS', topic_owner AS 'CREATED BY', topic_date AS 'CREATED ON' 
                            FROM   forum_topics  
                            ORDER BY '{$sort1}' '{$sort2}'  ";
$topics = mysql_query($query) or die (mysql_error()); 

Then echo the query and cut/paste the result into the question. Things aren't happening the way you think they are.

echo $query;
answered 2012-09-11T20:43:41.710
0
$topics = mysql_query("SELECT
    topic_id AS `ID`,
    topic_head AS `Title`, 
    topic_tags AS `TAGS`,
    topic_owner AS `CREATED BY`,
    topic_date AS `CREATED ON`
FROM   forum_topics 
ORDER BY {$sort1} {$sort2}
") or die (mysql_error());

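You need to remove the ' from the ORDER BY values. Also note the preferred use of backticks around alias values.

Also note that you should use mysqli_* or PDO, since mysql_* is deprecated (see the big red warning on most mysql_*-related functions on PHP.net).

answered 2012-09-11T20:46:42.467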
0

The following syntax works for me with PHP 7.4.12 and MySQL 5.7.32:

$sort = sanitize_text_field($_POST['sort']); // e.g., 'title'
$order = sanitize_text_field($_POST['order']); // e.g., 'ASC'
$order_by = $sort . ' ' . $order;

$results = $wpdb->get_results( "
    SELECT
        *
    FROM
        MyTable
    ORDER BY
        $order_by
" );
answered 2021-07-10T11:41:40.507