
Dynamic MySQLi Query String "AND" Appendage

I have a dynamic query (used for a search function) for my site. It builds the query based on user input, dynamically.

$query = "SELECT * FROM talents WHERE ";

if(!empty($_POST['firstName'])){
    $query = $query . "firstName = '" . $_POST['firstName'] . "' AND ";
}

if(!empty($_POST['lastName'])){
    $query = $query . "lastName = '" . $_POST['lastName'] . "' AND ";
}

if(!empty($_POST['gender'])){
    $query = $query . "gender = '" . $_POST['gender'] . "' AND ";
}


if(!empty($_POST['eyeColor'])){
    $query = $query . "eyeColor = '" . $_POST['eyeColor'] . "' AND ";
}

if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] != "High"){
    $query = $query . "height BETWEEN '" . $_POST['heightLow'] . "' AND '" . $_POST['heightHigh'] . "' AND ";
}else if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] == "High"){
    $query = $query . "height = '" . $_POST['heightLow'] . "' AND ";
}

if(!empty($_POST['hairColor'])){
    $query = $query . "hairColor = '" . $_POST['hairColor'] . "' AND ";
}

if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] != "High"){
    $query = $query . "weight BETWEEN '" . $_POST['weightLow'] . "' AND '" . $_POST['weightHigh'] . "' AND ";
}else if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] == "High"){
    $query = $query . "weight = '" . $_POST['weightLow'] . "' AND ";
}

if(!empty($_POST['dressSize'])){
    $query = $query . "dressSize = '" . $_POST['dressSize'] . "' AND ";
}

if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] != "High"){
    $query = $query . "chest BETWEEN '" . $_POST['chestLow'] . "' AND '" . $_POST['chestHigh'] . "' AND ";
}else if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] == "High"){
    $query = $query . "chest = '" . $_POST['chestLow'] . "' AND ";
}

if(!empty($_POST['shoeSize'])){
    $query = $query . "shoeSize = '" . $_POST['shoeSize'] . "' AND ";
}

if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] != "High"){
    $query = $query . "waist BETWEEN '" . $_POST['waistLow'] . "' AND '" . $_POST['waistHigh'] . "' AND ";
}else if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] == "High"){
    $query = $query . "waist = '" . $_POST['waistLow'] . "' AND ";
}

if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] != "High"){
    $query = $query . "hips BETWEEN '" . $_POST['hipsLow'] . "' AND '" . $_POST['hipsHigh'] . "' ";
}else if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] == "High"){
    $query = $query . "hips = '" . $_POST['hipsLow'] . "' ";
}

First off, ignore the verbose nature - it's an alpha to get working. Pretty code after. Second, the High and Low variables reference a ranged search (eg height between 5'3 and 5'9).

Here's my problem; the AND! The way I have it, it will work if there is something for the hips inputs, other than that it errors out. But then, it's impossible to predict where the user will stop.

This is a really common functionality, I'm surprised this isn't easier to find on the internet. Any quick ideas?

Save your conditions into an array instead of a string, like this:

$query = array();
$query[] = "weight = '" . $_POST['weightLow'] . "'";

and implode it with AND:

$final_query = implode(' AND ', $query);

I have an idea: sanitize your input. Don't pass $_POST['xxx'] directly in a query.

At the very least, wrap it in mysql_real_escape_string(). You're better off, however, using PHP's PDO.

After you escape, it'll start working. You may want to also consider $query = rtrim($query, "AND") -- then just continue to put " AND" at the end of your queries.

Example (not tested):

$query = "SELECT * FROM talents WHERE ";

if(!empty($_POST['firstName'])){
    $query = $query . "firstName = '" . mysql_real_escape_string($_POST['firstName']) . "' AND ";
}

if(!empty($_POST['lastName'])){
    $query = $query . "lastName = '" . mysql_real_escape_string($_POST['lastName']) . "' AND ";
}

if(!empty($_POST['gender'])){
    $query = $query . "gender = '" . mysql_real_escape_string($_POST['gender']) . "' AND ";
}


if(!empty($_POST['eyeColor'])){
    $query = $query . "eyeColor = '" . mysql_real_escape_string($_POST['eyeColor']) . "' AND ";
}

if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] != "High"){
    $query = $query . "height BETWEEN '" . mysql_real_escape_string($_POST['heightLow']) . "' AND '" . mysql_real_escape_string($_POST['heightHigh']) . "' AND ";
}else if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] == "High"){
    $query = $query . "height = '" . mysql_real_escape_string($_POST['heightLow']) . "' AND ";
}

if(!empty($_POST['hairColor'])){
    $query = $query . "hairColor = '" . mysql_real_escape_string($_POST['hairColor']) . "' AND ";
}

if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] != "High"){
    $query = $query . "weight BETWEEN '" . mysql_real_escape_string($_POST['weightLow']) . "' AND '" . mysql_real_escape_string($_POST['weightHigh']) . "' AND ";
}else if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] == "High"){
    $query = $query . "weight = '" . mysql_real_escape_string($_POST['weightLow']) . "' AND ";
}

if(!empty($_POST['dressSize'])){
    $query = $query . "dressSize = '" . mysql_real_escape_string($_POST['dressSize']) . "' AND ";
}

if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] != "High"){
    $query = $query . "chest BETWEEN '" . mysql_real_escape_string($_POST['chestLow']) . "' AND '" . mysql_real_escape_string($_POST['chestHigh']) . "' AND ";
}else if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] == "High"){
    $query = $query . "chest = '" . mysql_real_escape_string($_POST['chestLow']) . "' AND ";
}

if(!empty($_POST['shoeSize'])){
    $query = $query . "shoeSize = '" . mysql_real_escape_string($_POST['shoeSize']) . "' AND ";
}

if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] != "High"){
    $query = $query . "waist BETWEEN '" . mysql_real_escape_string($_POST['waistLow']) . "' AND '" . mysql_real_escape_string($_POST['waistHigh']) . "' AND ";
}else if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] == "High"){
    $query = $query . "waist = '" . mysql_real_escape_string($_POST['waistLow']) . "' AND ";
}

if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] != "High"){
    $query = $query . "hips BETWEEN '" . mysql_real_escape_string($_POST['hipsLow']) . "' AND '" . mysql_real_escape_string($_POST['hipsHigh']) . "' AND";
}else if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] == "High"){
    $query = $query . "hips = '" . mysql_real_escape_string($_POST['hipsLow']) . "' AND";
}

// rtrim()'s second argument is a set of characters, not a string to match:
// the mask must include the space, or a query ending in "' AND " is left untouched.
$query = rtrim($query, " AND");
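The two answers above each fix one half of the problem: the first removes the dangling AND by collecting clauses in an array and imploding them, the second removes the injection by keeping raw $_POST values out of the SQL text. The following is an added example, not code from the question or from either answer, that combines both with PDO prepared statements. It assumes the column names from the question, assumes the range columns (height, weight, chest, waist, hips) are stored as numbers (a value like 5'3 would be rejected rather than quoted into the query), and runs against an in-memory SQLite database so it can be tried offline; the table, rows and search forms are constructed for the demo, and a MySQL PDO DSN works the same way.

```php
<?php
// Added example (not from the question or the answers): clause array +
// implode for the trailing AND, bound parameters instead of escaping for
// the user values. Column names, numeric ranges and SQLite are assumptions.
declare(strict_types=1);

/**
 * Turn the search form into SQL text plus a parallel list of parameters.
 * Column names come only from the hard-coded lists below, so user input
 * never reaches the SQL string; it travels in $params.
 *
 * @return array{0: string, 1: array} [sql, params]
 */
function buildTalentSearch(array $input): array
{
    $equalityColumns = ['firstName', 'lastName', 'gender', 'eyeColor',
                        'hairColor', 'dressSize', 'shoeSize'];
    $rangeColumns    = ['height', 'weight', 'chest', 'waist', 'hips'];

    $clauses = [];
    $params  = [];

    foreach ($equalityColumns as $col) {
        // "!== ''" rather than !empty(): empty() would also skip the value "0".
        if (isset($input[$col]) && $input[$col] !== '') {
            $clauses[] = "$col = ?";
            $params[]  = $input[$col];
        }
    }

    foreach ($rangeColumns as $col) {
        // Untouched selects send the literal strings "Low" / "High".
        $low     = $input[$col . 'Low']  ?? 'Low';
        $high    = $input[$col . 'High'] ?? 'High';
        $lowSet  = $low  !== 'Low';
        $highSet = $high !== 'High';
        if (($lowSet && !is_numeric($low)) || ($highSet && !is_numeric($high))) {
            throw new InvalidArgumentException("$col bounds must be numeric");
        }
        if ($lowSet && $highSet) {
            $clauses[] = "$col BETWEEN ? AND ?";
            array_push($params, $low, $high);
        } elseif ($lowSet) {
            $clauses[] = "$col = ?";
            $params[]  = $low;
        }
    }

    $sql = 'SELECT * FROM talents';
    if ($clauses !== []) {
        // implode() puts ' AND ' only between clauses, never after the last
        // one; with no clauses at all the WHERE keyword is omitted entirely.
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    return [$sql, $params];
}

/** Run constructed searches against constructed rows; returns [sql, rowCount] pairs. */
function runDemo(): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE talents (
        firstName TEXT, lastName TEXT, gender TEXT, eyeColor TEXT, hairColor TEXT,
        dressSize TEXT, shoeSize TEXT, height INTEGER, weight INTEGER,
        chest INTEGER, waist INTEGER, hips INTEGER)');
    $ins = $pdo->prepare('INSERT INTO talents VALUES (?,?,?,?,?,?,?,?,?,?,?,?)');
    $ins->execute(['Ada',     'Lovelace', 'F', 'brown', 'black', '8', '7',  65, 130, 34, 26, 36]);
    $ins->execute(['Alan',    'Turing',   'M', 'blue',  'brown', '',  '10', 70, 160, 40, 32, 38]);
    $ins->execute(["O'Brien", 'Pat',      'F', 'green', 'red',   '6', '6',  63, 120, 33, 25, 35]);

    $forms = [
        // Equality plus a range; hips left untouched, so it adds no clause.
        ['gender' => 'F', 'heightLow' => '60', 'heightHigh' => '66',
         'hipsLow' => 'Low', 'hipsHigh' => 'High'],
        // Nothing filled in: the question's code would emit "... WHERE " and fail.
        [],
        // A quote in the data and a classic payload in the input are both plain values.
        ['firstName' => "O'Brien"],
        ['firstName' => "' OR '1'='1"],
    ];

    $out = [];
    foreach ($forms as $form) {
        [$sql, $params] = buildTalentSearch($form);
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        $out[] = [$sql, count($stmt->fetchAll(PDO::FETCH_ASSOC))];
    }
    return $out;
}

foreach (runDemo() as [$sql, $rows]) {
    echo $sql, "  => ", $rows, " row(s)\n";
}
```

Two caveats on the escaping route from the second answer. rtrim()'s second argument is a character list, so rtrim($query, "AND") strips any trailing run of the letters A, N and D and stops at the first space; it does nothing for a query that ends in "' AND " with a trailing space, and nothing for the no-conditions case where the string ends in "WHERE ". And mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7; mysqli_real_escape_string() and PDO::quote() are the surviving equivalents, but bound parameters make the escaping step unnecessary altogether.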

Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM