
maria-discuss team mailing list archive

Re: Which JOIN


well here is not php, but... it's a criticism...
before this query, did you check that $_POST[*] are double or int values?
if they are strings, maybe you can have SQL injection in your app...
well if it's php, here is one example of what I'm talking about...


// now concat your strings...
$SQL="select sum( CantidadPedida ) as SumPedida,
       sum( CantidadRecibida ) as SumRecibida,
       ArticuloCodigo, ArticuloNombre, ArticuloCosto,
       ArticulosDisponibles, ArticuloUnidad
  from ArticulosPedidos
inner join PedidosIndex on
   PedidosIndex.NumDePedido = ArticulosPedidos.NumDePedido
inner join CatArticulos on
   ArticulosPedidos.ArticuloID = CatArticulos.ArticuloID
where ArticulosPedidos.Fecha between
group by ArticulosPedidos.ArticuloID
order by SumPedida DESC limit 500";

about what this query does, I don't know... but from mysq
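
The input check this message asks for, shown as an added example that is not part of the original post or the poster's code: the two bounds of the `between` clause are validated and then bound as parameters instead of being concatenated. The POST keys `desde` and `hasta`, the `Y-m-d` date format, the function names and the SQLite demo schema are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. POST keys 'desde'/'hasta', the Y-m-d
// format and the SQLite demo schema are assumptions made for illustration.
function parse_fecha($raw): ?string
{
    if (!is_string($raw)) return null; // missing key, or array input such as desde[]=x
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round trip rejects trailing junk and overflow dates like 2024-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

function resumen_pedidos(PDO $db, array $post): array
{
    $desde = parse_fecha($post['desde'] ?? null);
    $hasta = parse_fecha($post['hasta'] ?? null);
    if ($desde === null || $hasta === null) {
        throw new InvalidArgumentException('desde/hasta must be Y-m-d dates');
    }
    // Query from the message; the two bounds are bound parameters, not concatenated.
    $stmt = $db->prepare(
        'select sum( CantidadPedida ) as SumPedida,
                sum( CantidadRecibida ) as SumRecibida,
                ArticuloCodigo, ArticuloNombre, ArticuloCosto,
                ArticulosDisponibles, ArticuloUnidad
           from ArticulosPedidos
          inner join PedidosIndex on
                PedidosIndex.NumDePedido = ArticulosPedidos.NumDePedido
          inner join CatArticulos on
                ArticulosPedidos.ArticuloID = CatArticulos.ArticuloID
          where ArticulosPedidos.Fecha between :desde and :hasta
          group by ArticulosPedidos.ArticuloID
          order by SumPedida DESC limit 500'
    );
    $stmt->execute([':desde' => $desde, ':hasta' => $hasta]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table PedidosIndex (NumDePedido integer);
  create table CatArticulos (ArticuloID integer, ArticuloCodigo text, ArticuloNombre text,
    ArticuloCosto real, ArticulosDisponibles integer, ArticuloUnidad text);
  create table ArticulosPedidos (NumDePedido integer, ArticuloID integer,
    CantidadPedida real, CantidadRecibida real, Fecha text);
  insert into PedidosIndex values (1);
  insert into CatArticulos values (7, 'A-7', 'Tornillo', 0.5, 100, 'pz');
  insert into ArticulosPedidos values (1, 7, 10, 8, '2024-03-05'), (1, 7, 5, 5, '2024-04-01');");
var_dump(resumen_pedidos($db, ['desde' => '2024-03-01', 'hasta' => '2024-03-31']));
try { resumen_pedidos($db, ['desde' => "2024-03-01' or '1'='1", 'hasta' => '2024-03-31']); }
catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```

With a MySQL or MariaDB DSN the function is unchanged; only the `new PDO(...)` line and the constructed demo tables differ.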
