关于数据库查询然产生的bug
手里有一段老代码, 今天突然出BUG了,实际上这段代码在某些服务器上可以正常运 我已经修复 但是不清楚什么原因导致BUG产生,所以
<code> $edit=$_POST['edit'];
$time=date("Y-m-d",time()-24*7*3600);
$result =$db->fetch_all("select * from table where workid= $edit and scantime >\"". $time."\"");
修复后
$edit=$_POST['edit'];
$time=date("Y-m-d",time()-24*7*3600);
$result =$db->fetch_all("select * from table where workid= $edit and scantime > $time ");
主要是把]
scantime >\"". $time."\"" 这个条件替换为 scantime > $time 就能正常获取数据,
区别是执行mysql语句的判定条件由 scantime >"2016-01-28" 修改为scantime > 2016-01-28 在$time前后是否拼接双引号scantime 这个字段的类型是datetime
事实上我之前的工作人员是用后一种写法查询不出数据知道改成前一种 ,今天我又改回来 ,不知道这个BUG原因究竟在哪 所以求助
</code>回复内容:
手里有一段老代码, 今天突然出BUG了,实际上这段代码在某些服务器上可以正常运 我已经修复 但是不清楚什么原因导致BUG产生,所以
<code> $edit=$_POST['edit'];
$time=date("Y-m-d",time()-24*7*3600);
$result =$db->fetch_all("select * from table where workid= $edit and scantime >\"". $time."\"");
修复后
$edit=$_POST['edit'];
$time=date("Y-m-d",time()-24*7*3600);
$result =$db->fetch_all("select * from table where workid= $edit and scantime > $time ");
主要是把]
scantime >\"". $time."\"" 这个条件替换为 scantime > $time 就能正常获取数据,
区别是执行mysql语句的判定条件由 scantime >"2016-01-28" 修改为scantime > 2016-01-28 在$time前后是否拼接双引号scantime 这个字段的类型是datetime
事实上我之前的工作人员是用后一种写法查询不出数据知道改成前一种 ,今天我又改回来 ,不知道这个BUG原因究竟在哪 所以求助
</code>
修改后
scantime > 2016-01-28这个条件,由于2016-01-28不是合法的 DATETIME Literal,因此被转为'0000-00-00 00:00'处理了。请检查你查询的结果,只要scantime这个字段不为 NULL 都符合这个条件。修改前不能正常获取数据,请在 MySQL 客户端手工执行相应查询调试错误,确认数据是否存在。
根据 MySQL 文档中,通常我们用单引号来包裹一个日期时间。
最后但很重要,这段代码是非常危险的,从
$_POST得到一个来自用户(可能是黑客哦)的变量,不做任何 escape 处理就放到查询里,这存在 SQL 注入攻击的风险,是非常严重的安全隐患。
MySQL ALLOW_INVALID_DATES
MySQL Date and Time Literals
PHP 文档关于 SQL 注入的说明
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
How to fix mysql_native_password not loaded errors on MySQL 8.4
Dec 09, 2024 am 11:42 AM
One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely. This change affects PHP and other app
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
7 PHP Functions I Regret I Didn't Know Before
Nov 13, 2024 am 09:42 AM
If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op
Top 10 PHP CMS Platforms For Developers in 2024
Dec 05, 2024 am 10:29 AM
CMS stands for Content Management System. It is a software application or platform that enables users to create, manage, and modify digital content without requiring advanced technical knowledge. CMS allows users to easily create and organize content
How to Add Elements to the End of an Array in PHP
Feb 07, 2025 am 11:17 AM
Arrays are linear data structures used to process data in programming. Sometimes when we are processing arrays we need to add new elements to the existing array. In this article, we will discuss several ways to add elements to the end of an array in PHP, with code examples, output, and time and space complexity analysis for each method. Here are the different ways to add elements to an array: Use square brackets [] In PHP, the way to add elements to the end of an array is to use square brackets []. This syntax only works in cases where we want to add only a single element. The following is the syntax: $array[] = value; Example
