php - 使用 _POST 参数构建 SQL 查询

Question

我正在尝试构建动态查询，但遇到 SQL 语法错误。以下查询语句在显式输入时可以正常工作:

$sql = "SELECT * FROM English WHERE submitdate = '2015-09-30'";

但是，如果我尝试使用 _POST 参数构建相同的查询，我会收到语法错误，即使该错误显示了如上所示的正确查询:

if ($_POST["lang"] === "de") :
  $query_lang = 'SELECT * FROM German';
elseif ($_POST["lang"] === "en") :
  $query_lang = 'SELECT * FROM English';
else :
  $query_lang = 'SELECT * FROM English, German';
endif;

if ( !empty($_POST["date"]) || $_POST["date"] != "all") :
  $query_date = ' WHERE submitdate = \''. $_POST["date"] . '\'';
else :
  $query_date = '';
endif;

$sql = '"' . $query_lang . $query_date . '"';

错误信息是

Error: "SELECT * FROM English WHERE submitdate = '2015-09-30'"<br>
You have an error in your SQL syntax; check the manual that corresponds 
to your MySQL server version for the right syntax to use near 
'"SELECT * FROM English WHERE submitdate = '2015-09-30'"' at line 1

Answer 1

我觉得你在写

"SELECT * FROM English WHERE submitdate = '2015-09-30'"

代替

SELECT * FROM English WHERE submitdate = '2015-09-30'

试试把这个

$sql = $query_lang . $query_date;

看看有没有效果