doumu9799 2018-10-30 18:44
浏览 228
已采纳

在codeigniter中向SQL注入一个SQL

I am trying to inject a SQL with a DATE_FORMAT method and it gives me parsing error. But the query working perfectly in phpmyadmin. Below you can find my code which is my controller

public function index() {
  $sql = "SELECT DATE_FORMAT('added_date', "%M") AS Month, SUM(total) FROM tbl_order GROUP BY DATE_FORMAT('added_date', "%M")";
  $query = $this->db->query($sql);
  $orderData= $query->result_array();
  $data["orderData"] = $orderData;
  var_dump($data);die;
  $this->load->view('admindashboard/index.php',$data);
}

I have attached the error message as wellenter image description here

  • 写回答

3条回答 默认 最新

  • drgwsx8405 2018-10-30 18:48
    关注

    I think you can try to use '%M' instead of "%M", because it will split the string by ".

    $sql = "SELECT DATE_FORMAT(added_date, '%M') AS Month, 
    SUM(total) 
    FROM tbl_order 
    GROUP BY DATE_FORMAT(added_date, '%M')";
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 用matlab写代码
  • ¥30 motoradmin系统的多对多配置
  • ¥15 求组态王串口自定义通信配置方法或代码?
  • ¥15 实验 :UML2.0 结构建模
  • ¥20 用vivado写数字逻辑实验报告撰写,FPGA实验
  • ¥15 为什么shp文件会有这种小方块?
  • ¥15 ecplise在连接数据库时显示加载驱动成功但是数据库连接失败
  • ¥15 visionmaster启动失败,提示为“机器不满足授权而被禁用”
  • ¥15 IDEA中圈复杂度如何具体设置
  • ¥50 labview采集不了数据