[英]Single and multiple data filters in php
I need to create filter function for this 3 information: Category, Price and Discount for users in order to filter either 1 of the information or any of the 2 information together, or all 3 information together. 我需要为这3个信息创建过滤器功能:用户的类别,价格和折扣,以便将1个信息或2个信息中的任何一个或3个信息一起过滤。
I used this method to filter single information and it successfully displayed the results, but when I tried to use this method to filter any of the 2 or 3 information together, it failed to filter everything. 我使用此方法过滤单个信息,但它成功显示了结果,但是当我尝试使用此方法将2个或3个信息中的任何一个过滤时,它无法过滤所有内容。
<?php
//filter category only
if (isset($_GET['f_category']) && $_GET['f_category'] != ""){
$f_category = $_GET['f_category'];
$sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'";
}
//filter price only
if (isset($_GET['min_price']) && $_GET['min_price'] != "" && $_GET['max_price'] && $_GET['max_price'] != "") {
$min_price = $_GET['min_price'];
$max_price = $_GET['max_price'];
$sql = "SELECT * FROM post_ads WHERE sup_price>='$min_price' AND sup_price<='$max_price'";
}
// filter discount only
if (isset($_GET['f_discount']) && $_GET['f_discount'] != ""){
$f_discount = $_GET['f_discount'];
$sql = "SELECT * FROM post_ads WHERE sup_discount='$f_discount'";
}
//filter category and price
if (isset($_GET['f_category']) && $_GET['f_category'] != "" || $_GET['min_price'] && $_GET['min_price'] != "" && $_GET['max_price'] && $_GET['max_price'] != ""){
$f_category = $_GET['f_category'];
$min_price = $_GET['min_price'];
$max_price = $_GET['max_price'];
$sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'
AND sup_price>='$min_price' AND sup_price<='$max_price'";
}
//filter category and discount
if (isset($_GET['f_category']) && $_GET['f_category'] != "" || $_GET['f_discount']
&& $_GET['f_discount'] != ""){
$f_category = $_GET['f_category'];
$f_discount = $_GET['f_discount'];
$sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'
AND sup_discount='$f_discount'";
}
if(isset($sql)){
$result = mysql_query($sql, $con1);
while($rows=mysql_fetch_array($result))
{
//display results
}
}?>
Can I know what is the problem and how do I fix it? 我能知道是什么问题,如何解决?
You could add each clause to an array, based upon the criteria in original and combine them at the end perhaps.. 您可以根据原始条件将每个子句添加到数组中,并在最后将它们组合起来。
<?php
$clauses=array();
if( isset( $_GET['f_category'] ) && !empty( $_GET['f_category'] ) ){
$clauses[] = "`sup_category` = '{$_GET['f_category']}'";
}
if ( isset( $_GET['min_price'], $_GET['max_price'] ) && !empty( $_GET['min_price'] ) && !empty( $_GET['max_price'] ) ) {
$clauses[]="`sup_price` >= '{$_GET['min_price']}'";
$clauses[]="`sup_price` <= '{$_GET['max_price']}'";
}
if ( isset( $_GET['f_discount'] ) && !empty( $_GET['f_discount'] ) ){
$clauses[]="`sup_discount` = '{$_GET['f_discount']}'";
}
$where = !empty( $clauses ) ? ' where '.implode(' and ',$clauses ) : '';
$sql = "SELECT * FROM `post_ads` " . $where;
echo $sql;
if(isset($sql)){
$result = mysql_query($sql, $con1);
while($rows=mysql_fetch_array($result)){
/*display results*/
}
}
?>
Running the above ( edited version ) with this url 使用此网址运行以上(已编辑的版本)
https://locahost/stack/sql?f_category=bananas&min_price=200&max_price=500&f_discount=32
results in a query that looks like: 产生如下查询:
SELECT * FROM `post_ads` where `sup_category` = 'bananas'
and `sup_price` >= '200' and `sup_price` <= '500' and `sup_discount` = '32'
This all said - without care your code is very vulnerable to sql injection - the use of the mysql_*
suite of functions are deprecated and their use is strongly discouraged. mysql_*
-不小心您的代码很容易受到sql注入的影响-不建议使用mysql_*
函数集,并且强烈建议不要使用它们。 Before getting in too deep, change over to mysqli
with prepared statements
- avoid the heartache '-) 在深入之前,请使用prepared statements
切换到mysqli
避免心痛'-)
I suppose your URL will be in the following format: 我想您的网址将采用以下格式:
1> example.com?f_category=test // When only f_category filter is selected 1> example.com?f_category=test //仅选择f_category过滤器
2> example.com?f_category=test&min_price=50 // When f_category and min_price are filter are selected. 2> example.com?f_category=test&min_price=50 //选择f_category和min_price时。 And so on..... 等等.....
So, you can simply code this as: 因此,您可以简单地将其编码为:
<?php $querySubString = "1 = 1"; if (isset($_GET['f_category']) && $_GET['f_category'] != ""){ $f_category = $_GET['f_category']; $querySubString .= " AND sup_category = '$f_category' "; } if (isset($_GET['min_price']) && $_GET['min_price'] != ""){ $min_price = $_GET['min_price']; $querySubString .= "AND sup_price >= '$min_price' "; } if (isset($_GET['max_price']) && $_GET['max_price'] != ""){ $max_price = $_GET['max_price']; $querySubString .= "AND sup_price <= '$max_price' "; } if (isset($_GET['f_discount']) && $_GET['f_discount'] != ""){ $f_discount = $_GET['f_discount']; $querySubString .= " AND sup_discount= '$f_discount' "; } $sql = "SELECT * FROM post_ads WHERE $querySubString "; if(isset($sql)){ $result = mysql_query($sql, $con1); while($rows=mysql_fetch_array($result)) { //display results } ?>
For simplicity's sake, rewrite your code so that it processes the input first and THEN build your query. 为简单起见,请重写代码,使其首先处理输入,然后构建查询。 This makes it a lot more readable for both of us and you will most likely resolve your issue along the way. 这使我们俩都更具可读性,您很可能会一路解决您的问题。
Additionally, please refrain of using mysql_
, it is unsafe and has been replaced by mysqli_
methods. 另外,请不要使用mysql_
,它是不安全的,并已由mysqli_
方法代替。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.