Writing two conditions in WHERE clause gives incorrect output in PDO query

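One of my PDO classes has a function that executes an incorrect query when I write two conditions in the WHERE clause.

I tried writing the WHERE as an array, but it gave me an unknown column error, so I wrote the conditions as a string. If I write a single condition the query runs perfectly, but if I write multiple conditions it causes a problem.

I have the following code in my function: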

public function getNewsByDate($date, $lastdate){

    $args = array(
        'fields' => array(
                    'news.id', 
                    'news.title',                       
                    'news.summary',
                    'news.story', 
                    'news.image',                       
                    'news.added_by',
                    'news.status',
                    'news.added_date',                      
                    'news.news_category',
                    '(SELECT users.full_name FROM users WHERE id = news.added_by) as author',

                ),

        'where' => (' date BETWEEN "'.$date.'" AND "'.$lastdate.'"') AND (' archieveCategory = "magazine" '),

    );

    return $this->select($args, true);

}

When I debug the code above, the SQL I get looks like this:

SELECT news.id, news.title, news.summary, news.story, news.image, 
         news.added_by, news.status, news.added_date, news.news_category,
         (SELECT users.full_name FROM users WHERE id = news.added_by) as author 
   FROM news 
   WHERE 1 
   ORDER BY news.id DESC

And I have the following code in my select query:

final protected function select($args = array(), $is_die = false){
            try {

        $this->sql = "SELECT ";
        if (isset($args['fields'])) {
            if (is_array($args['fields'])) {
                $this->sql .= implode(', ', $args['fields']);
            } else {
                $this->sql .= $args['fields'];
            }
        } else {
            $this->sql .= " * ";
        }
        $this->sql .= " FROM ";
        if (!isset($this->table) || empty($this->table)) {
            throw new Exception("Table not set");
        }
        $this->sql .= $this->table;

        /*Join Query*/
        if (isset($args['join']) && !empty($args['join'])) {
            $this->sql .= " ".$args['join'];
        }
        /*Join Query*/

        if (isset($args['where']) && !empty($args['where'])) {
            if (is_array($args['where'])) {
                $temp = array();
                foreach ($args['where'] as $column_name => $data) {
                    if (!is_array($data)) {
                        $data = array(
                            'value'     => $data,
                            'operator'  => '=',
                        );
                    }
                    $str = $column_name.' '.$data['operator'].' :'.str_replace('.', '_', $column_name);
                    $temp[] = $str;
                }
                $this->sql .= " WHERE ".implode(' AND ', $temp);
            } else {
                $this->sql .= " WHERE ".$args['where'];
            }
        }

        /*Group*/
        if (isset($args['group_by']) && !empty($args['group_by'])) {
            $this->sql .= " GROUP BY ".$args['group_by'];
        }
        /*Group*/

        /*Order*/
        if (isset($args['order_by']) && !empty($args['order_by'])) {
            $this->sql .= " ORDER BY ".$args['order_by'];
        } else {
            $this->sql .= " ORDER BY ".$this->table.".id DESC";
        }
        /*Order*/

        /*Limit*/
        if (isset($args['limit']) && !empty($args['limit'])) {
            if (is_array($args['limit'])) {
                $this->sql .= " LIMIT ".$args['limit'][0].",".$args['limit'][1];
            } else {
                $this->sql .= " LIMIT ".$args['limit'];
            }
        }
        /*Limit*/
        $this->stmt = $this->conn->prepare($this->sql);
        if (isset($args['where']) && (is_array($args['where']) || is_object($args['where']))) {
            foreach ($args['where'] as $column_name => $data) {
                // If the condition was passed as an array, take its 'value' entry
                $value = is_array($data) ? $data['value'] : $data;
                if (is_int($value)) {
                    $param = PDO::PARAM_INT;
                } elseif (is_bool($value)) {
                    $param = PDO::PARAM_BOOL;
                } elseif (is_null($value)) {
                    $param = PDO::PARAM_NULL;
                } else {
                    $param = PDO::PARAM_STR;
                }
                // PDO::PARAM_NULL is 0, so bind unconditionally instead of testing $param
                $this->stmt->bindValue(":".str_replace('.', '_', $column_name), $value, $param);
            }
        }

        if ($is_die) {

            echo $this->sql;

        }

        $this->stmt->execute();
        $data = $this->stmt->fetchAll(PDO::FETCH_OBJ);
        return $data;
        } catch (PDOException $e) {

                error_log(
                    date('Y-m-d h:i:s A').", Select Query: ".$e->getMessage()."\r\n"
                    , 3, ERROR_PATH.'/error.log');
                return false;
            } catch (Exception $e) {
                error_log(
                    date('Y-m-d h:i:s A').", General: ".$e->getMessage()."\r\n"
                    , 3, ERROR_PATH.'/error.log');
                return false;
            }
    }

My expected result is something like this:

SELECT news.id, news.title, news.summary, news.story, news.image, 
        news.added_by, news.status, news.added_date, news.news_category,
        (SELECT users.full_name FROM users WHERE id = news.added_by) as author
    FROM news WHERE date BETWEEN "2019-03-01" AND "2019-03-31" AND archeiveCategory = "magazine" 
    ORDER BY news.id DESC

In the where element of the array, the quotes should be...

    'where' => '( date BETWEEN "'.$date.'" AND "'.$lastdate.'") AND ( archieveCategory = "magazine" )',

In your version

    'where' => (' date BETWEEN "'.$date.'" AND "'.$lastdate.'"') AND (' archieveCategory = "magazine" '),

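You can see that the quotes start after the opening ( and end before the closing ), which means (I think) you end up with the logical equivalent of

    'where' => ('some string') AND ('another string'),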

This is where the 1 in the output comes from.
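
The boolean collapse described in the answer, followed by the same two conditions written with bound parameters so the date values never become part of the SQL string. This is an added example, not part of the original question or answer; it assumes the pdo_sqlite extension is available, and the table, the rows and the standalone `getNewsByDate()` signature are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Schema and rows below are constructed.

// 1) PHP's AND between two non-empty strings yields boolean true, and true
//    concatenates into the SQL text as "1". That is the "WHERE 1" in the debug output.
$args = array(
    'where' => (' date BETWEEN "a" AND "b"') AND (' archieveCategory = "magazine" '),
);
var_dump($args['where']);
echo " WHERE " . $args['where'] . PHP_EOL;

// 2) The two conditions as one SQL string with placeholders; values are bound.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (
    id INTEGER PRIMARY KEY, title TEXT, date TEXT, archieveCategory TEXT)');
$pdo->exec("INSERT INTO news (title, date, archieveCategory) VALUES
    ('March magazine', '2019-03-10', 'magazine'),
    ('March paper',    '2019-03-12', 'newspaper'),
    ('April magazine', '2019-04-02', 'magazine')");

function getNewsByDate(PDO $pdo, string $date, string $lastdate): array
{
    $sql = 'SELECT id, title FROM news
            WHERE date BETWEEN :from_date AND :to_date
              AND archieveCategory = :category
            ORDER BY id DESC';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':from_date', $date, PDO::PARAM_STR);
    $stmt->bindValue(':to_date', $lastdate, PDO::PARAM_STR);
    $stmt->bindValue(':category', 'magazine', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

// Normal call: only rows inside the range and in the magazine category come back.
print_r(getNewsByDate($pdo, '2019-03-01', '2019-03-31'));

// A value containing a double quote would end the string literal early in the
// concatenated version; as a bound parameter it is compared as plain data.
print_r(getNewsByDate($pdo, '2019-03-01', '2019-03-31"'));
```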