0

这是我的 php 代码。当我尝试执行代码时,浏览器正在生成警告。

<?php
include("config.inc.php");


$link = mysql_connect('localhost', 'root', '')
or die('Could not connect: ' . mysql_error());
echo 'Connected successfully'; 

mysql_select_db('lookup') or die('Could not select database');

$query = 'SELECT airport_id FROM airport';
$result = mysql_query($query) or die('Query failed: ' . mysql_error());

echo "<table>\n"; 

while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) 
{
 echo "\t<tr>\n";
 foreach ($line as $col_value) 
 {
   echo "\t\t<td>$col_value</td>\n";
   $query1= 'SELECT distinct c.airport_ident,c.star_ident,c.fix_ident from corept.std_star_leg c
     INNER JOIN
     (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type
      FROM corept.std_star_leg
      WHERE data_supplier='J' AND airport_ident='$col_value'
      GROUP BY star_ident,transition_ident)b
      ON c.sequence_num=b.seq AND c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
      WHERE  c.data_supplier='J'  AND c.airport_ident='$col_value'  AND

      NOT EXISTS

     (SELECT name,trans FROM skyplan_deploy.deploy_stars d
      WHERE d.apt=$col_value AND d.name!=d.trans
      AND c.star_ident=d.name and c.fix_ident=d.trans)

      UNION

     SELECT apt,name,trans FROM skyplan_deploy.deploy_stars d WHERE apt='$col_value' AND name!=trans
     AND

     NOT EXISTS

    (SELECT distinct c.star_ident,c.fix_ident from corept.std_star_leg c
     INNER JOIN
     (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type FROM corept.std_star_leg
      WHERE data_supplier='J'  AND  airport_ident='$col_value'
      GROUP BY star_ident,transition_ident)b
      ON c.sequence_num=b.seq  AND  c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
      WHERE c.data_supplier='J' AND  c.airport_ident=$col_value AND d.name=c.star_ident  AND d.trans=c.fix_ident)';

   $result1 = mysql_query($query1) or die('Query failed: ' . mysql_error());
  while ($line1 = mysql_fetch_array($result1, MYSQL_ASSOC)) 
  {
   echo "\t<tr>\n";
   foreach ($line as $col_value) 
    {
     echo "\t\t<td>$col_value</td>\n";
     echo "\t</tr>\n";
    }
  }
 echo "\t</tr>\n";
}}
echo "</table>\n";

 mysql_free_result($result);

 mysql_close($link);
?>

当我尝试执行上述代码时,它会在第 22 行生成一个警告,其中我将 $col_value 包含在我的查询中。请帮我纠正它。谢谢。

4

5 回答 5

2

您缺少连接 ( .) 运算符:

$str = "Part 1" . $value . "Part 2";

但是,请不要这样查询,而是使用参数绑定。此类代码会导致SQL 注入攻击和/或轻微的性能下降。

于 2013-04-04T06:47:10.260 回答
0

使用这个查询。问题是您以变量开头'并使用'变量,但忘记转义它们。

$query1= "SELECT distinct c.airport_ident,c.star_ident,c.fix_ident from corept.std_star_leg c
 INNER JOIN
 (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type
  FROM corept.std_star_leg
  WHERE data_supplier='J' AND airport_ident='$col_value'
  GROUP BY star_ident,transition_ident)b
  ON c.sequence_num=b.seq AND c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
  WHERE  c.data_supplier='J'  AND c.airport_ident='$col_value'  AND

  NOT EXISTS

 (SELECT name,trans FROM skyplan_deploy.deploy_stars d
  WHERE d.apt=$col_value AND d.name!=d.trans
  AND c.star_ident=d.name and c.fix_ident=d.trans)

  UNION

 SELECT apt,name,trans FROM skyplan_deploy.deploy_stars d WHERE apt='$col_value' AND name!=trans
 AND

 NOT EXISTS

(SELECT distinct c.star_ident,c.fix_ident from corept.std_star_leg c
 INNER JOIN
 (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type FROM corept.std_star_leg
  WHERE data_supplier='J'  AND  airport_ident='$col_value'
  GROUP BY star_ident,transition_ident)b
  ON c.sequence_num=b.seq  AND  c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
  WHERE c.data_supplier='J' AND  c.airport_ident=$col_value AND d.name=c.star_ident  AND d.trans=c.fix_ident)";
于 2013-04-04T06:45:47.577 回答
0

您使用了错误的引号。请尝试以下查询

$query1= "SELECT distinct c.airport_ident,c.star_ident,c.fix_ident from corept.std_star_leg c
         INNER JOIN
         (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type
          FROM corept.std_star_leg
          WHERE data_supplier='J' AND airport_ident='$col_value'
          GROUP BY star_ident,transition_ident)b
          ON c.sequence_num=b.seq AND c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
          WHERE  c.data_supplier='J'  AND c.airport_ident='$col_value'  AND

          NOT EXISTS

         (SELECT name,trans FROM skyplan_deploy.deploy_stars d
          WHERE d.apt=$col_value AND d.name!=d.trans
          AND c.star_ident=d.name and c.fix_ident=d.trans)

          UNION

         SELECT apt,name,trans FROM skyplan_deploy.deploy_stars d WHERE apt='$col_value' AND name!=trans
         AND

         NOT EXISTS

        (SELECT distinct c.star_ident,c.fix_ident from corept.std_star_leg c
         INNER JOIN
         (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type FROM corept.std_star_leg
          WHERE data_supplier='J'  AND  airport_ident='$col_value'
          GROUP BY star_ident,transition_ident)b
          ON c.sequence_num=b.seq  AND  c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
          WHERE c.data_supplier='J' AND  c.airport_ident=$col_value AND d.name=c.star_ident  AND d.trans=c.fix_ident)";
于 2013-04-04T06:47:40.467 回答
0

将您的查询替换为:

$query1= 'SELECT distinct c.airport_ident,c.star_ident,c.fix_ident from corept.std_star_leg c
     INNER JOIN
     (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type
      FROM corept.std_star_leg
      WHERE data_supplier="J" AND airport_ident='.$col_value.'
      GROUP BY star_ident,transition_ident)b
      ON c.sequence_num=b.seq AND c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
      WHERE  c.data_supplier="J"  AND c.airport_ident='.$col_value.'  AND

      NOT EXISTS

     (SELECT name,trans FROM skyplan_deploy.deploy_stars d
      WHERE d.apt=$col_value AND d.name!=d.trans
      AND c.star_ident=d.name and c.fix_ident=d.trans)

      UNION

     SELECT apt,name,trans FROM skyplan_deploy.deploy_stars d WHERE apt='.$col_value.' AND name!=trans
     AND

     NOT EXISTS

    (SELECT distinct c.star_ident,c.fix_ident from corept.std_star_leg c
     INNER JOIN
     (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type FROM corept.std_star_leg
      WHERE data_supplier="J"  AND  airport_ident='.$col_value.'
      GROUP BY star_ident,transition_ident)b
      ON c.sequence_num=b.seq  AND  c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
      WHERE c.data_supplier="J" AND  c.airport_ident=$col_value AND d.name=c.star_ident  AND d.trans=c.fix_ident)';
于 2013-04-04T06:47:49.593 回答
0

我认为错误在于您的查询字符串。试试这个:

$query1= "SELECT distinct c.airport_ident,c.star_ident,c.fix_ident from corept.std_star_leg c
     INNER JOIN
     (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type
      FROM corept.std_star_leg
      WHERE data_supplier='J' AND airport_ident='".$col_value."'
      GROUP BY star_ident,transition_ident)b
      ON c.sequence_num=b.seq AND c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
      WHERE  c.data_supplier='J'  AND c.airport_ident='".$col_value."'  AND

      NOT EXISTS
 (SELECT name,trans FROM skyplan_deploy.deploy_stars d
  WHERE d.apt=$col_value AND d.name!=d.trans
  AND c.star_ident=d.name and c.fix_ident=d.trans)

  UNION

 SELECT apt,name,trans FROM skyplan_deploy.deploy_stars d WHERE apt='".$col_value."' AND name!=trans
 AND

 NOT EXISTS

(SELECT distinct c.star_ident,c.fix_ident from corept.std_star_leg c
 INNER JOIN
 (SELECT star_ident,transition_ident,max(sequence_num) seq,route_type FROM corept.std_star_leg
  WHERE data_supplier='J'  AND  airport_ident='".$col_value."'
  GROUP BY star_ident,transition_ident)b
  ON c.sequence_num=b.seq  AND  c.star_ident=b.star_ident AND c.transition_ident=b.transition_ident
  WHERE c.data_supplier='J' AND  c.airport_ident='".$col_value."' AND d.name=c.star_ident  AND d.trans=c.fix_ident)"

您不能只在查询中包含变量。并在将查询放在 php 之前在后端测试您的查询。

于 2013-04-04T06:48:39.203 回答