前三个查询工作正常,但最后一个不是。第二届查询与$status !== ''
好吗工作,但最后一个具有相同$status !== ''
不执行查询任何一个可以帮助我需要帮助mysql查询
if (isset($_POST['go'])) {
$status = $_POST[status];
if ($status == 4){
$status = '' ;
}
if ($topic == 100 && $subtopic == '' && $status == '') {
$queryString = "select * from tblquiz where userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
$countString = "select * from tblquiz where userid='$_SESSION[numericuserid]'";
} // NOTE : THIS QUERY IS WORKING PERFECT
elseif ($topic !== '' && $subtopic !== '' && $status !== '') {
$queryString = "select * from tblquiz where qstatus=$status AND qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
$countString = "select * from tblquiz where qstatus=$status AND qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]'";
} // NOTE : THIS QUERY IS WORKING PERFECT
elseif ($topic !== '' && $subtopic !== '' && $status == '') {
$queryString = "select * from tblquiz where qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
$countString = "select * from tblquiz where qtopic='$topic[topicname]' AND subtopic='$_POST[subtopic]' AND userid='$_SESSION[numericuserid]'";
} // NOTE : THIS QUERY IS WORKING PERFECT
elseif ($topic == 100 && $subtopic == '' && $status !== '') {
$queryString = "select * from tblquiz where qstatus= $status AND userid='$_SESSION[numericuserid]' LIMIT $start, $limit" ;
$countString = "select * from tblquiz where qstatus= $status AND userid='$_SESSION[numericuserid]' ";
} **// NOTE : THIS QUERY IS NOT WORKING**
}
不是一个答案,但是现在有一个很大的机会,你有一个[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)易受攻击的应用程序。 – PeeHaa
qstatus缺少引号? – feathj
99%的问题是由于没有使用正确的[SQL占位符](http://bobby-tables.com/php)来完成您的查询构建而造成的。如果你使用这些技术,你不会有这样的问题。你现在拥有它的方式,这些查询完全运行将会是纯粹的运气。 – tadman