- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
public function getOrdersByMonth($year)
{
$data = array();
$overallquanities = self::$DBH->query('SELECT SUM(quanity) as quanity, DATE_FORMAT(timestamp,\'%m\') as mdata,phone,comment FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\')')->fetchAll(PDO::FETCH_ASSOC);
$overallsumms = self::$DBH->query('SELECT SUM(cost) as cost, DATE_FORMAT(timestamp,\'%Y %m %d\') as mdata FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\')')->fetchAll(PDO::FETCH_ASSOC);
$overallorders = self::$DBH->query('SELECT COUNT(DISTINCT currcount) as count, DATE_FORMAT(timestamp,\'%Y %m %d\') as mdata FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\')')->fetchAll(PDO::FETCH_ASSOC);
$overallcomplex = self::$DBH->query('SELECT COUNT(*) as count, DATE_FORMAT(timestamp,\'%Y %m %d\') as mdata FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND suborder=2 AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\')')->fetchAll(PDO::FETCH_ASSOC);
$overall_glnz = self::$DBH->query('SELECT SUM(quanity) as quanity,SUM(cost) as cost, DATE_FORMAT(timestamp,\'%Y %m %d\') as mdata FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND paper=\'glnz\' AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\')')->fetchAll(PDO::FETCH_ASSOC);
//TODO: $overall_mat сделать просто рассчет вычитание из общего количества
$overall_mat = self::$DBH->query('SELECT SUM(quanity) as quanity,SUM(cost) as cost, DATE_FORMAT(timestamp,\'%Y %m %d\') as mdata FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND paper=\'mat\' AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\')')->fetchAll(PDO::FETCH_ASSOC);
$overall_autocor = self::$DBH->query('SELECT SUM(quanity) as quanity,SUM(cost) as cost, DATE_FORMAT(timestamp,\'%Y %m %d\') as mdata FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND autocor=1 AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\')')->fetchAll(PDO::FETCH_ASSOC);
$formats = self::$DBH->query('SELECT DATE_FORMAT(timestamp,\'%m\') as mdata, format, SUM(quanity) as quanity,SUM(cost) as cost FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\' AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') GROUP BY DATE_FORMAT(timestamp,\'%Y %m\'),format')->fetchAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);
//************* Собираем итоги **************//
$whereOption = 'AND phone!=(\'test\') AND phone!=(\'тест\') AND comment!=(\'test\') AND comment!=(\'тест\') AND comment NOT LIKE \'%test%\' AND comment NOT LIKE \'%тест%\'';
$totalOrders = self::$DBH->query('SELECT COUNT(DISTINCT currcount) as totalOrders FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\') =\''.$year.'\' '.$whereOption)->fetchAll(PDO::FETCH_ASSOC);
$totalSum = self::$DBH->query('SELECT SUM(cost) as totalSum FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\') =\''.$year.'\' '.$whereOption)->fetchAll(PDO::FETCH_ASSOC);
$totalGLNZ = self::$DBH->query('SELECT SUM(quanity) as paperCount, SUM(cost) as paperCost FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\') = \''.$year.'\' AND paper=\'glnz\' '.$whereOption)->fetchAll(PDO::FETCH_ASSOC);
$totalMAT = self::$DBH->query('SELECT SUM(quanity) as paperCount, SUM(cost) as paperCost FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\') = \''.$year.'\' AND paper=\'mat\' '.$whereOption)->fetchAll(PDO::FETCH_ASSOC);
$totalSubsCount = self::$DBH->query('SELECT COUNT(suborder) as totalSubsCount FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\') =\''.$year.'\' '.$whereOption)->fetchAll(PDO::FETCH_ASSOC);
$totalPhotos = self::$DBH->query('SELECT SUM(quanity) as totalPhotos FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\') =\''.$year.'\' '.$whereOption)->fetchAll(PDO::FETCH_ASSOC);
//******************************************//
// $this->Logging(self::$DBH->query('SELECT quanity, DATE_FORMAT(timestamp,\'%m\') as mdata,phone,comment FROM statistics WHERE DATE_FORMAT(timestamp,\'%Y\')=\'' . $year . '\'')->fetchAll(PDO::FETCH_ASSOC));
/*$this->Logging($data);*/
return $data;
}
guestinho 22.06.2016 17:49 # +3
хороший пыховец даже при помощи PDO соберет запрос в ручную, похерит execution plan, и устроит sql инъекцию
inkanus-gray 23.06.2016 16:00 # 0
Другое дело, что пыховцы протаскивают инъекции через всё, даже через фреймворки.
guestinho 23.06.2016 16:28 # 0
http://php.net/manual/en/pdo.prepared-statements.php
inkanus-gray 23.06.2016 16:44 # 0
Prepared statements и в mysqli есть.
guestinho 24.06.2016 14:39 # 0
inkanus-gray 24.06.2016 15:13 # 0
Vince 23.06.2016 08:33 # 0