我有以下代码
if(isset($_POST['submit']) || isset($_POST['mon']) || isset($_POST['yer']) ||
isset($_POST['acty'])) {
$mon = $_POST['mon'];
$yer = $_POST['yer'];
$acty = $_POST['acty'];
}
$str = "SELECT pty, SUM(`PW`) as Total
FROM heal
WHERE mon='$mon'
AND yer='$yer'
GROUP BY pty";
我如何将变量
$acty传递给它:SUM('PW') ....即SUM('$acty') 最佳答案
就像你说的那样
$str = "
SELECT
pty,
SUM($acty) as Total
FROM
heal
WHERE
mon='$mon' AND
yer='$yer'
GROUP BY
pty";
您可以在双引号内包含变量,而php会为您提供其内容。
旁注:您的代码已打开以进行SQL注入,您必须防止使用SQL注入来阻止代码。一些有用的链接:
How can I prevent SQL injection in PHP?
Are PDO prepared statements sufficient to prevent SQL injection?
关于php - sql语句中的变量,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/54983343/