| |
|
|
| |
mysql> SELECT * FROM lgar where dt = '2012-01-01';
+----+----------+---------------------+------------+----------------+------------+---------------------+---------+-----+--------+
| id | title | datetime_insert | datetime | datetime_close | dt | dt_close | comment | url | status |
+----+----------+---------------------+------------+----------------+------------+---------------------+---------+-----+--------+
| 46 | Тест | 2012-02-29 16:05:19 | 1325365200 | 1-1 1:0 | 2012-01-01 | 0000-00-00 00:00:00 | test | | NULL |
| 47 | Тест | 2012-02-29 16:16:27 | 1325365200 | 1-1 1:0 | 2012-01-01 | 0000-00-00 00:00:00 | test | | NULL |
+----+----------+---------------------+------------+----------------+------------+---------------------+---------+-----+--------+
2 rows in set (0.00 sec)
|
Есть
if($_GET[id_catalog] != 0) $where = "WHERE dt = $_GET[dt]"; //where dt = '2012-01-01'
else $where = "";
$query = "SELECT * FROM lgar $where";
$prd = mysql_query($query);
|
Как можно внести $_GET[dt] в одинарные кавычки? | |
| |
|
|
| |
|
|
| |
для: lgar
(29.02.2012 в 19:06)
| | |
if($_GET[id_catalog] != 0) $where = "WHERE dt = '".$_GET["dt"]."'"; //where dt = '2012-01-01'
else $where = "";
$query = "SELECT * FROM lgar $where";
$prd = mysql_query($query);
|
| |
| |
|
|
| |
|
|
| |
для: elenaki
(29.02.2012 в 19:23)
| | | Елена, огромная вам благодарность от всех хакеров планеты земля :) | |
| |
|
|
| |
|
|
| |
для: lgar
(29.02.2012 в 19:06)
| | |
<?php
$where = "";
// при условии что магические кавычки отключены
if(isset($_GET[dt])) $dt=mysql_real_escape_string($_GET[dt]);
if(isset($_GET[id_catalog])){
if($_GET[id_catalog ]!= 0 && $dt) $where = "WHERE dt = '$dt'";
}
$query = "SELECT * FROM lgar $where";
$prd = mysql_query($query);
?>
|
| |
| |
|
|
