PHP MySQL error when not hardcoding values for the LIMIT clause

Tags: php mysql pdo


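I get an error when trying to use values retrieved through $_GET[], specifically $start and $end, which I use to limit the number of results. Whenever I hardcode the values, as in the code block at the very bottom, the server can fetch the results without any problem. Why can't I pass parameters to Limit using PHP PDO prepared statements for MySQL?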

This is the error I get:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '20'
                                ORDER by orders.order_placed' at line 10' in /base/data/home/apps/s~beta/1.383539951926438776/admin/get/getorderitems.php:35
Stack trace:
#0 /base/data/home/apps/s~beta/1.383539951926438776/admin/get/getorderitems.php(35): PDOStatement->execute()
#1 {main}
thrown in /base/data/home/apps/s~beta/1.383539951926438776/admin/get/getorderitems.php on line 35



<?php

error_reporting(E_ALL); ini_set('display_errors', 1);

require('../../dbconnect.php');

$stadiums_id = $_GET['stadiums_id'];
$time = $_GET['time'];
$time_12ago = $time - 43200000;  // last 12 hours
$start = 0 + $_GET['start'];  // used for limit clause
$end = $start +  20;
$page = $_GET['page'];

$json;

//  incoming order
if($page === "incoming"){
    $statement=$con->prepare('SELECT orders.*,orders_has_items.*,
                                customers.id,customers.fname,customers.lname,items.*
                                FROM orders_has_items,items,orders,customers 
                                WHERE orders.stadiums_id = :stadiums_id 
                                AND orders_has_items.items_id = items.id
                                AND orders.id = orders_has_items.orders_id
                                AND customers.id = orders.customers_id
                                AND (orders.order_prepared IS NULL) 
                                AND orders.create_time BETWEEN :time_12ago AND :time
                                ORDER by orders.order_placed
                                limit :start, :end');
    $statement->bindParam(':stadiums_id',$stadiums_id); // bind param to variable
    $statement->bindParam(':time_12ago',$time_12ago); // bind param to variable
    $statement->bindParam(':time',$time); // bind param to variable
    $statement->bindParam(':start',$start); // bind param to variable
    $statement->bindParam(':end',$end); // bind param to variable
    $statement->execute();
    $results=$statement->fetchAll(PDO::FETCH_ASSOC);
    $json=json_encode($results);
}

However, as shown below, when the Limit is hardcoded, the following code works fine:

$statement = $con->prepare('SELECT orders.*,orders_has_items.*,
        customers.id,customers.fname,customers.lname,
        items.*
        from orders_has_items,items,orders,customers 
        where orders.stadiums_id = 1 
        and orders_has_items.items_id = items.id
        and orders.id = orders_has_items.orders_id
        and customers.id = orders.customers_id
        and (orders.order_prepared IS NULL) 
        and orders.create_time between (1428735225152-43200000) and 1428735225152
        order by orders.order_placed
        limit 0,10');
$statement->execute();
$results=$statement->fetchALL(PDO::FETCH_ASSOC);
$json = json_encode($results);

Best answer

By default, bindParam() binds the parameter as a string. Cast the value to an integer before passing it to the bind function, and set the data type to PDO::PARAM_INT:

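$start = (int)$start; // cast first: bindParam() takes its variable by reference, so it needs a plain variable
$end = (int)$end;
$statement->bindParam(':start', $start, PDO::PARAM_INT); // bind as integer
$statement->bindParam(':end', $end, PDO::PARAM_INT); // bind as integer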

Regarding the PHP MySQL error when not hardcoding values for the LIMIT clause, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/29584603/
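The following is an added example, not code from the question or the answer: it validates a request-supplied offset and binds it with PDO::PARAM_INT, so the value never has to be concatenated into the SQL text. It assumes a simplified `orders` table, the hypothetical helper names `pageParams` and `fetchPage`, and an in-memory SQLite database with constructed rows so that it runs offline; the same bindings apply to a MySQL PDO connection. Note that the second argument of MySQL's two-argument `LIMIT` is a row count rather than an end position, which is why the example uses the `LIMIT ... OFFSET ...` form.

```php
<?php
// Added example: validated, integer-bound pagination with PDO.
// In-memory SQLite is used so the script runs offline; table and rows are constructed sample data.

function pageParams(array $query, int $pageSize = 20, int $maxOffset = 100000): array
{
    // FILTER_VALIDATE_INT returns false for anything that is not a plain integer in range.
    $start = filter_var($query['start'] ?? 0, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $maxOffset]]);
    if ($start === false) {
        throw new InvalidArgumentException('start must be an integer between 0 and ' . $maxOffset);
    }
    // The page size is fixed server-side; only the offset comes from the request.
    return ['offset' => $start, 'count' => $pageSize];
}

function fetchPage(PDO $con, array $query): array
{
    $p = pageParams($query);
    $stmt = $con->prepare(
        'SELECT id, order_placed FROM orders ORDER BY order_placed LIMIT :count OFFSET :offset'
    );
    // bindValue() copies the value at call time; PDO::PARAM_INT keeps it from being quoted as a string.
    $stmt->bindValue(':count', $p['count'], PDO::PARAM_INT);
    $stmt->bindValue(':offset', $p['offset'], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, order_placed INTEGER)');
$ins = $con->prepare('INSERT INTO orders (order_placed) VALUES (?)');
for ($i = 1; $i <= 45; $i++) {
    $ins->execute([1000 + $i]);   // 45 constructed rows
}

// Constructed stand-ins for $_GET['start']: two valid offsets and three malformed values.
foreach (['40', '0', 'abc', '-5', '0,20'] as $raw) {
    try {
        $rows = fetchPage($con, ['start' => $raw]);
        printf("start=%s -> %d rows, first id %s\n",
            var_export($raw, true), count($rows), $rows[0]['id'] ?? 'none');
    } catch (InvalidArgumentException $e) {
        printf("start=%s rejected: %s\n", var_export($raw, true), $e->getMessage());
    }
}
```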
