PHP PDO prepare/execute 对拼接字段的问题
修改DZ使用pgsql,数据库日志里面一个错误:错误:无效的整数类型输入语法: "192.168.0.5"
语句:SELECT s.sid, s.styleid, ...
FROM sessions s, members m
WHERE m.uid=s.uid AND s.sid='A3RO' AND (s.ip1 || '.' || s.ip2 || '.' || s.ip3 || '.' || s.ip4)=$1 AND m.uid=$2
AND m.password=$3 AND m.secques=$4
查看代码:
$sth = $dbh->prepare("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields
FROM {$tablepre}sessions s, {$tablepre}members m
WHERE m.uid=s.uid AND s.sid='$sid' AND
(s.ip1 || '.' || s.ip2 || '.' || s.ip3 || '.' || s.ip4)=? AND m.uid=?
AND m.password=? AND m.secques=?");
经过测试,对于 (s.ip1 || '.' ... s.ip4) 这样的拼接字段不能绑定数据去preare。修改为如下后解决:
$sth = $dbh->prepare("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields
FROM {$tablepre}sessions s, {$tablepre}members m
WHERE m.uid=s.uid AND s.sid='$sid' AND
(s.ip1 || '.' || s.ip2 || '.' || s.ip3 || '.' || s.ip4)='$onlineip' AND m.uid=?
AND m.password=? AND m.secques=?");
页:
[1]