 |
อยากรู้ว่าแต่ละท่านจัดการ การเขียน sql กับ php ยังไง ไม่ให้ตาลายครับ |
| |
 |
|
|
 |
 |
|
ผมเขียน sql หลายๆ บรรทัดแล้วตาลายครับ ทำให้สลับตัวแปรบ้าง
เลยอยากทราบว่า แต่ละท่านจัดบรรทัดกันยังไงครับ
ผมเขียนแบบนี้ ซึ่งตาลายมากครับ 
Code (PHP)
$sql = "INSERT INTO cal_info \n";
$sql .= "( cal_id, ans_patient, ans_patient_csi, ans_patient_sum, ans_nurse, ans_nurse_csi, ans_nurse_sum, \n";
$sql .= "ans_pick, ans_pick_csi, ans_pick_sum, gen_m, gen_m_csi, gen_m_sum, gen_w, \n";
$sql .= "gen_w_csi, gen_w_sum, age_rang1, age_rang1_csi, age_rang1_sum, age_rang2, \n";
$sql .= "age_rang2_csi, age_rang2_sum, age_rang3, age_rang3_csi, age_rang3_sum, age_rang4, age_rang4_csi, age_rang4_sum, \n";
$sql .= "age_rang5, age_rang5_csi, age_rang5_sum, edu_primary, edu_primary_csi, edu_primary_sum, edu_high, \n";
$sql .= "edu_high_csi, edu_high_sum, edu_bachelor, edu_bachelor_csi, edu_bachelor_sum, cash_money, cash_money_csi, cash_money_sum, \n";
$sql .= "cash_tack, cash_tack_csi, cash_tack_sum, first_first, first_first_csi, first_first_sum, first_more, \n";
$sql .= "first_more_csi, first_more_sum, like1, like2, like3, like4,\n";
$sql .= "like5, like6, like7, like_sumary, like_no, \n";
$sql .= "com1_yes, com1_no, com2_yes, com2_no, \n";
$sql .= "com3_yes, com3_no, paper_sum, \n";
$sql .= "ans_patient_5, ans_nurse_5, ans_pick_5, gen_m_5, gen_w_5, \n";
$sql .= "age_rang1_5, age_rang2_5, age_rang3_5, age_rang4_5, age_rang5_5, \n";
$sql .= "edu_primary_5, edu_high_5, edu_bachelor_5, cash_money_5, cash_tack_5, \n";
$sql .= "first_first_5, first_more_5 \n";
$sql .= " ) \n";
$sql .= "VALUES \n ";
$sql .= "('$cal_id', '$ans[0]', '$ans_patient_csi', '$ans_patient_sum', '$ans[1]', '$ans_nurse_csi', '$ans_nurse_sum', \n ";
$sql .= " '$ans[2]', '$ans_pick_csi', '$ans_pick_sum', '$gen[0]', '$gen_m_csi', '$gen_m_sum', '$gen[1]', \n ";
$sql .= " '$gen_w_csi', '$gen_w_sum', '$age[0]', '$age_rang1_csi', '$age1_sum', '$age[1]', \n ";
$sql .= " '$age_rang2_csi', '$age2_sum', '$age[2]', '$age_rang3_csi', '$age3_sum', '$age[3]', '$age_rang4_csi', '$age4_sum', \n ";
$sql .= " '$age[4]', '$age_rang5_csi', '$age5_sum', '$edu[0]', '$edu_primary_csi', '$edu_primary_sum', '$edu[1]', \n ";
$sql .= " '$edu_high_csi', '$edu_high_sum', '$edu[2]', '$edu_bachelor_csi', '$edu_bachelor_sum', '$cash[0]', '$cash_money_csi', '$cash_money_sum', \n ";
$sql .= " '$cash[1]', '$cash_tack_csi', '$cash_tack_sum', '$first[0]', '$first_first_csi', '$first_first_sum', '$first[1]', \n ";
$sql .= " '$first_more_csi', '$first_more_sum', '$likeans[1]', '$likeans[2]', '$likeans[3]', '$likeans[4]', \n ";
$sql .= " '$likeans[5]', '$likeans[6]', '$likeans[7]', '$sumlike', '$like_no', \n ";
$sql .= " '$com1[0]', '$com1[1]', '$com2[0]', '$com2[1]', \n ";
$sql .= " '$com3[0]', '$com3[1]', '$sumpaper', \n";
$sql .= " '$ans_patient[5]', '$ans_nurse[5]', '$ans_pick[5]', '$gen_m[5]', '$gen_w[5]', \n ";
$sql .= " '$age1[5]', '$age2[5]', '$age3[5]', '$age4[5]', '$age5[5]', \n ";
$sql .= " '$edu_primary[5]', '$edu_high[5]', '$edu_bachelor[5]', '$cash_money[5]', '$cash_tack[5]', \n ";
$sql .= " '$first_first[5]', '$first_more[5]' \n ";
$sql .= " ); \n ";
mysql_query($sql)or die("<pre>$sql</pre>".mysql_error());
Tag : PHP, MySQL, HTML/CSS
|
|
|
 |
 |
 |
 |
| Date :
2014-09-10 11:19:39 |
By :
clubp_mark |
View :
1222 |
Reply :
18 |
|
 |
 |
 |
 |
|
|
|
|
 |
 |
|
 |
 |
| |
|
|
|
| |
|
ค่อยๆ เขียนทีละส่วน จากในไปหานอก
เทสทีละอันไปเรื่อยๆ จะได้รู้ว่าผิดตรงไหน
แต่ถ้าจะเปลี่ยนอะไรเพิ่มเติม ก็เขียนใหม่ ของที่เขียนเสร็จแล้ว รันได้ถูกต้องแล้ว จะไม่แตะต้องมันเด็ดขาด
Code (C#)
StringBuilder sb = new StringBuilder();
sb.AppendLine("SELECT r1.SectionCode, se.SectionName, r1.ProductCode, p.ProductName, p.GroupID, pg.GroupName, r1.CCtr, c.CCtrShortName AS Sector,");
sb.AppendLine("CASE WHEN dbo.Zone.ID = 1 THEN dbo.Zone.ZoneName + ' - ' + c.CCtrShortName ELSE dbo.Zone.ZoneName END AS Zone,");
sb.AppendLine("r1.Balance, ABS(r1.Cancel) * -1 AS Cancel, r1.AccruedRevenue AS Accrued,");
sb.AppendLine("r1.Balance + (ABS(r1.Cancel) * -1) + r1.AccruedRevenue AS Total");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("CASE WHEN invoice.SectionCode IS NULL THEN AccruedRevenue.SectionCode ELSE invoice.SectionCode END AS SectionCode,");
sb.AppendLine("CASE WHEN invoice.ProductCode IS NULL THEN AccruedRevenue.ProductCode ELSE invoice.ProductCode END AS ProductCode,");
sb.AppendLine("CASE WHEN invoice.CCtr IS NULL THEN AccruedRevenue.CCtr ELSE invoice.CCtr END AS CCtr,");
sb.AppendLine("CASE WHEN invoice.Balance IS NULL THEN 0 ELSE invoice.Balance END AS Balance,");
sb.AppendLine("CASE WHEN invoice.Cancel IS NULL THEN 0 ELSE invoice.Cancel END AS Cancel,");
sb.AppendLine("CASE WHEN AccruedRevenue.AccruedRevenue IS NULL THEN 0 ELSE CONVERT(money, AccruedRevenue) END AS AccruedRevenue");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("CASE WHEN Balance_0.SectionCode IS NULL THEN Cancel_0.SectionCode ELSE Balance_0.SectionCode END AS SectionCode,");
sb.AppendLine("CASE WHEN Balance_0.ProductCode IS NULL THEN Cancel_0.ProductCode ELSE Balance_0.ProductCode END AS ProductCode,");
sb.AppendLine("CASE WHEN Balance_0.CCtr IS NULL THEN Cancel_0.CCtr ELSE Balance_0.CCtr END AS CCtr,");
sb.AppendLine("CASE WHEN Balance_0.Balance IS NULL THEN 0 ELSE Balance_0.Balance END AS Balance,");
sb.AppendLine("CASE WHEN Cancel_0.balance IS NULL THEN 0 ELSE Cancel_0.balance END AS Cancel");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("SectionCode, ProductCode, CCtr, SUM(Balance) AS Balance");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("Balance_1.SectionCode, Balance_1.ProductCode,");
sb.AppendLine("CASE WHEN Home_1.CCtr IS NULL THEN Balance_1.RevenueCode ELSE Home_1.CCtr END AS CCtr,");
sb.AppendLine("Balance_1.Balance");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("Summary_1.SectionCode, Detail_1.ProductCode, Detail_1.RevenueCode, SUM(Detail_1.Balance) AS Balance");
sb.AppendLine("FROM dbo.Detail AS Detail_1");
sb.AppendLine("INNER JOIN dbo.Summary AS Summary_1 ON Detail_1.InvoiceNo = Summary_1.InvoiceNo");
sb.AppendLine("WHERE (Summary_1.InvoiceDate BETWEEN @StartDate AND @EndDate)");
sb.AppendLine("AND (Summary_1.SectionCode <> '00000') AND (NOT (Summary_1.InvoiceNo LIKE 'MV%'))");
sb.AppendLine("GROUP BY Summary_1.SectionCode, Detail_1.ProductCode, Detail_1.RevenueCode) AS Balance_1");
sb.AppendLine("LEFT OUTER JOIN dbo.HomeLocation AS Home_1 ON Balance_1.RevenueCode = Home_1.LocationCode) AS Balance_2");
sb.AppendLine("GROUP BY SectionCode, ProductCode, CCtr) AS Balance_0");
sb.AppendLine("FULL OUTER JOIN (");
sb.AppendLine("SELECT SectionCode, ProductCode, CCtr, SUM(Balance) AS Balance");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("Cancel_3.SectionCode, Cancel_3.ProductCode,");
sb.AppendLine("CASE WHEN hh.cctr IS NULL THEN Cancel_3.RevenueCode ELSE hh.cctr END AS CCtr, ");
sb.AppendLine("Cancel_3.Balance");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("Cancel_2.SectionCode, Detail_2.ProductCode, Detail_2.RevenueCode, SUM(Detail_2.Balance) AS Balance");
sb.AppendLine("FROM dbo.Detail AS Detail_2");
sb.AppendLine("INNER JOIN");
sb.AppendLine("(SELECT Cancel_1.InvoiceNo, Summary_2.SectionCode");
sb.AppendLine("FROM dbo.Disconnect AS Cancel_1");
sb.AppendLine("INNER JOIN dbo.Summary AS Summary_2 ON Cancel_1.InvoiceNo = Summary_2.InvoiceNo");
sb.AppendLine("WHERE (Summary_2.InvoiceDate > @LastYear)");
sb.AppendLine("AND (Cancel_1.EndDate BETWEEN @StartDate AND @EndDate)");
sb.AppendLine("AND (Summary_2.SectionCode <> '00000') AND (NOT (Summary_2.InvoiceNo LIKE 'MV%'))) AS Cancel_2 ON Detail_2.InvoiceNo = Cancel_2.InvoiceNo");
sb.AppendLine("GROUP BY Cancel_2.SectionCode, Detail_2.ProductCode, Detail_2.RevenueCode) AS Cancel_3");
sb.AppendLine("LEFT OUTER JOIN dbo.HomeLocation AS hh ON Cancel_3.RevenueCode = hh.LocationCode) AS Cancel");
sb.AppendLine("GROUP BY SectionCode, ProductCode, CCtr) AS Cancel_0 ON Balance_0.SectionCode = Cancel_0.SectionCode");
sb.AppendLine("AND Balance_0.ProductCode = Cancel_0.ProductCode AND Balance_0.CCtr = Cancel_0.CCtr) AS Invoice");
sb.AppendLine("FULL OUTER JOIN (");
sb.AppendLine("SELECT SectionCode, ProductCode, CCTR, Amount1, Amount2, Amount1 + Amount2 AS AccruedRevenue");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("CASE WHEN m1.docdate IS NULL THEN m2.docdate ELSE m1.docdate END AS DocDate,");
sb.AppendLine("CASE WHEN m1.SectionCode IS NULL THEN m2.SectionCode ELSE m1.SectionCode END AS SectionCode,");
sb.AppendLine("CASE WHEN m1.ProductCode IS NULL THEN m2.ProductCode ELSE m1.ProductCode END AS ProductCode,");
sb.AppendLine("CASE WHEN m1.CCTR IS NULL THEN m2.CCTR ELSE m1.CCTR END AS CCTR,");
sb.AppendLine("CASE WHEN m1.Amount IS NULL THEN 0 ELSE m1.Amount END AS Amount1,");
sb.AppendLine("CASE WHEN m2.Amount IS NULL THEN 0 ELSE m2.Amount END AS Amount2");
sb.AppendLine("FROM (SELECT");
sb.AppendLine("SectionCode, CCTR, ProductCode, ABS(SUM(Amount)) * - 1 AS Amount,");
sb.AppendLine("DATEADD(mm, 1, CONVERT(smalldatetime, '1/' + CONVERT(nvarchar(2), MONTH(DocDate)) + '/' + CONVERT(nvarchar(4), YEAR(DocDate), 103))) AS DocDate");
sb.AppendLine("FROM dbo.AccruedRevenue AS AccruedRevenue_4");
sb.AppendLine("WHERE (CONVERT(smalldatetime, '1/' + CONVERT(nvarchar(2), MONTH(DocDate)) + '/' + CONVERT(nvarchar(4), YEAR(DocDate), 103)) <> (");
sb.AppendLine("SELECT MAX(CONVERT(smalldatetime, '1/' + CONVERT(nvarchar(2), MONTH(DocDate)) + '/' + CONVERT(nvarchar(4), YEAR(DocDate), 103))) AS DocDate");
sb.AppendLine("FROM dbo.AccruedRevenue AS AccruedRevenue_1))");
sb.AppendLine("GROUP BY SectionCode, CCTR, ProductCode, YEAR(DocDate), MONTH(DocDate)) AS m1");
sb.AppendLine("FULL OUTER JOIN (");
sb.AppendLine("SELECT SectionCode, CCTR, ProductCode, SUM(Amount) AS Amount,");
sb.AppendLine("CONVERT(smalldatetime, '1/' + CONVERT(nvarchar(2), MONTH(DocDate)) + '/' + CONVERT(nvarchar(4), YEAR(DocDate), 103)) AS DocDate");
sb.AppendLine("FROM dbo.AccruedRevenue AS AccruedRevenue_3");
sb.AppendLine("WHERE (CONVERT(smalldatetime, '1/' + CONVERT(nvarchar(2), MONTH(DocDate)) + '/' + CONVERT(nvarchar(4), YEAR(DocDate), 103)) <> (");
sb.AppendLine("SELECT MIN(CONVERT(smalldatetime, '1/' + CONVERT(nvarchar(2), MONTH(DocDate)) + '/' + CONVERT(nvarchar(4), YEAR(DocDate), 103))) AS DocDate");
sb.AppendLine("FROM dbo.AccruedRevenue AS AccruedRevenue_2))");
sb.AppendLine("GROUP BY SectionCode, CCTR, ProductCode, YEAR(DocDate), MONTH(DocDate)) AS m2 ON m1.SectionCode = m2.SectionCode");
sb.AppendLine("AND m1.CCTR = m2.CCTR AND m1.ProductCode = m2.ProductCode");
sb.AppendLine("AND m1.DocDate = m2.DocDate) AS Accrued_1");
sb.AppendLine("WHERE (DocDate = @StartDate)) AS AccruedRevenue ON Invoice.SectionCode = AccruedRevenue.SectionCode");
sb.AppendLine("AND Invoice.ProductCode = AccruedRevenue.ProductCode AND Invoice.CCtr = AccruedRevenue.CCTR) AS r1");
sb.AppendLine("INNER JOIN dbo.Section AS se ON r1.SectionCode = se.SectionCode");
sb.AppendLine("LEFT OUTER JOIN dbo.Product AS p ON r1.ProductCode = p.ProductCode");
sb.AppendLine("LEFT OUTER JOIN dbo.CostCenter AS c ON r1.CCtr = c.CCtr");
sb.AppendLine("LEFT OUTER JOIN dbo.Zone ON c.ZoneID = dbo.Zone.ID");
sb.AppendLine("LEFT OUTER JOIN dbo.ProductGroup AS pg ON p.GroupID = pg.ID");
sb.AppendLine("ORDER BY r1.SectionCode, p.GroupID, r1.ProductCode, r1.CCtr ASC");
|
| |
|
|
| |
| Date :
2014-09-10 11:30:24 |
By :
ห้ามตอบเกินวันละ 2 กระทู้ |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
แนะนำให้เขียนประมาณนี้ครับ ดูง่ายดี แยกเป็นส่วนๆ
Code (PHP)
$sql = " INSERT INTO tbl_content_1234(
content_name
, content_detail
, content_profile
, content_start_date
, content_end_date
, content_status
, content_view
, content_type
, content_date
, content_time
, content_admin
, content_ip)
VALUES(
'$title'
, '$detail'
, '$imgProfile'
, '$start_date'
, '$end_date'
, '1'
, '0'
, '0'
, '$today'
, '$time'
, '$_SESSION[mem_uname]'
, '$_SERVER[REMOTE_ADDR]'
)
"
|
| |
|
|
| |
| Date :
2014-09-10 11:50:16 |
By :
arm8957 |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
หมายถึงแบบนี้ครับ
<?php
$cal_id = '2';
$ans[0] = '3';
$ans_patient_csi = '4';
$ans_patient_sum = '5';
$data = array(
'cal_id' => $cal_id,
'ans_patient' => $ans[0],
'ans_patient_csi' => $ans_patient_csi,
'ans_patient_sum' => $ans_patient_sum
);
$field = implode(', ', array_keys($data));
$value = "'". implode("', '", array_values($data)) . "'";
$sql = "INSERT INTO cal_info ($field) VALUES ($value)";
echo $sql;
?>
|
| |
|
|
| |
| Date :
2014-09-10 21:34:14 |
By :
{Cyberman} |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
อาร์เรย์ $data จะใช้เอาไปสร้าง INSERT หรือ UPDATE ก็ได้
และขั้นตอนการพิมพ์ก้ไม่มีพลาด เพราะซ้ายคือชื่อฟิลด์ ขวาคือค่าที่ต้องการบันทึก ไม่มีหลงฟิลด์ครับ 
เมื่อเช้าผมหาลิงค์ไม่เจอ อันนี้ลิงค์ใหม่นะครับมีตัว DEMO ให้ลองเล่นด้วย
http://www.sunzan-design.com/2013/05/php-codeing-generate-sql-insert-command.html
ปล. มีซอร์สโค๊ดในหน้า DEMO และตัวอย่างผลลัพธ์ 3 แบบที่นำไปใช้งานต่อไป
แบบที่ 3 คือตัวอย่างที่ผมแนะนำไปในคอมเมนต์ก่อนหน้านี้ครับ
|
ประวัติการแก้ไข
2014-09-10 21:37:54
2014-09-10 21:39:52
| |
|
|
| |
| Date :
2014-09-10 21:35:44 |
By :
{Cyberman} |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
ถ้าชำนาญแล้วก็เปลี่ยนไปใช้พวก db class อย่าง phpadodb ที่เป็น active record มันช่วยกัน sql injection ได้และโค้ดดูง่ายด้วย
ถ้าชำนาญขึ้นไปอีกก็เปลี่ยนไปใช้ framework เดี๋ยวนี้มีพวก ORM, active record, query builder มาให้ใช้เต็มไปหมด เลือกตามความเหมาะ
|
| |
|
|
| |
| Date :
2014-09-11 07:27:34 |
By :
mr.v |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
สำหรับการป้องกัน SQL Injection ขอนำเสนอวิธีนี้ครับ mysql_real_escape_string
กรณีส่งข้อมูลมาแบบ POST
<?php
$_POST = array_map ('mysql_real_escape_string', $_POST);
$data = array(
'cal_id' => $_POST['cal_id'],
'ans_patient' => $_POST['ans'][0],
'ans_patient_csi' => $_POST['ans_patient_csi'],
'ans_patient_sum' => $_POST['ans_patient_sum']
);
$field = implode(', ', array_keys($data));
$value = "'". implode("', '", array_values($data)) . "'";
$sql = "INSERT INTO cal_info ($field) VALUES ($value)";
echo $sql;
?>
|
ประวัติการแก้ไข
2014-09-11 07:32:37
| |
|
|
| |
| Date :
2014-09-11 07:32:08 |
By :
{Cyberman} |
|
|
| |
|
|
|
|
|
| |
|
|
|
| |
|
|
|
| |
|
- orm ไม่เหมาะกับ query ที่ซับซ้อน มันช้า (แต่ insert คำสั่งเดียวยาวๆ แบบนี้ไม่มีปัญหา)
- ทำไมลองดูส่งค่าแบบ parameter หน่อยเหรอ php มันไปถึง v.5.6 แล้วนะ ยังต่อ string กันอยู่อีกหรือ
ใน database ข้อมูลมันมี type นะ ไม่ได้เหมือน php ดังนั้นส่งแบบ parameter แล้วระบุ type ไปด้วย
จะได้ไม่ต้องระวังข้อมูลแปลงผิด
- ทำไม table ใหญ่จัง ได้ทำ normalization หรือยังจ๊ะ
|
| |
|
|
| |
| Date :
2014-09-11 08:35:32 |
By :
ห้ามตอบเกินวันละ 2 กระทู้ |
|
|
| |
|
|
|
|
|
| |
|
|
|
|
|
