我有一个Laravel控制器,下面是我为SQL查询编写的一段代码:
$query = <<<SQL
SELECT day, date, product1_shift1, product1_shift2, product1_shift3,
COALESCE(product1_shift1, 0) + COALESCE(product1_shift2, 0) + COALESCE(product1_shift3, 0) AS total_product1_qty
FROM (
SELECT DAYNAME(date) AS day, DATE_FORMAT(date, "%d-%m-%Y") AS date,
(SELECT SUM(qty) AS product1_shift1
FROM bill_details
JOIN bills ON bills.bill_id=bill_details.bill_id
WHERE bills.shift_id='48c73e3d-57de-4fea-aae4-7222d7e6afed'
AND bills.date=bills_master.date
AND bills_master.customer_id=bills.customer_id
AND bill_details.product_id='3516c43b-ffe3-4e90-9d93-924a9865c9cd') AS product1_shift1,
(SELECT SUM(qty) AS product1_shift2
FROM bill_details
JOIN bills ON bills.bill_id=bill_details.bill_id
WHERE bills.shift_id='463ec995-cfad-46ff-8e65-3115e6e651c5'
AND bills.date=bills_master.date
AND bills_master.customer_id=bills.customer_id
AND bill_details.product_id='3516c43b-ffe3-4e90-9d93-924a9865c9cd') AS product1_shift2,
(SELECT SUM(qty) AS product1_shift3
FROM bill_details
JOIN bills ON bills.bill_id=bill_details.bill_id
WHERE bills.shift_id='0a792c5f-84a6-4534-818c-427cfe8cd3ca'
AND bills.date=bills_master.date
AND bills_master.customer_id=bills.customer_id
AND bill_details.product_id='3516c43b-ffe3-4e90-9d93-924a9865c9cd') AS product1_shift3
FROM bills bills_master
WHERE bills_master.date BETWEEN '2023-04-07' AND '2023-04-09'
AND bills_master.customer_id='d9916741-ca61-4a57-b281-15c80fad833c'
GROUP BY bills_master.date
) subquery_alias
SQL;
dd(DB::select($query));如果我想把一个PHP变量替换成,例如,WHERE bills.shift_id='$phpVariable',我应该怎么做?
2条答案
按热度按时间c6ubokkw1#
您应该使用命名绑定来防止SQL注入,例如:
参考 www.example.com
mwg9r5ms2#
可以尝试使用字符串串联运算符'。'将变量值与查询字符串连接起来。例如:
因此,$shift_id使用运算符'连接到查询字符串。看看我能不能帮你。