
PDO - order by price ascending or descending

Currently I have a simple search query which works as follows:

$username = $_SESSION['username'];
$chosencategory = $_GET['category'];
$price = $_GET['price'];

$search = $_GET['search'];
$terms = explode(" ", $search);

if ($price && $chosencategory){
    $sql = "SELECT * FROM people WHERE MATCH (lname,fname) AGAINST (:search IN BOOLEAN MODE) AND category='$chosencategory' ORDER BY price $price";
    $q   = $conn->prepare($sql) or die("failed!");
    $q->bindValue(':search',"%".$search."%",PDO::PARAM_STR);
    $q->execute();
}

When a user chooses, for example, "display price lowest to highest", the value sent through to $_GET['price'] is ASC. However, I am not sure if this is a safe way to sort the results. Does anyone have a better way?

Also, this method is not the best, as when the user chooses a sort option such as "display price lowest to highest", the dropdown box echoes the value which has been sent to $_GET['price'], which is "ASC", so in the dropdown box it reads ASC after the form has been sent!

Sorry if this is confusing; please comment if you would like me to re-explain this. Any help or advice is much appreciated!!

Related to your value binding and SQL injection, you should also check that values are set before using them. If you enabled error_reporting(E_ALL) you would see lots of Undefined warnings. Here are some tips/changes:

<?php 
// Check and set username
$username = (isset($_SESSION['username']) ? $_SESSION['username'] : 'guest');

// Check and set category
$category = (!empty($_GET['category']) ? $_GET['category'] : null);

// Check and set search
if(!empty($_GET['search'])){
    $search = $_GET['search'];
    $terms  = explode(" ", $search);
}else{
    $search = null;
    $terms  = null;
}

// Check that $_GET['price'] is ASC; if not, set it to DESC.
// As static values, it's OK to put them directly in the query.
if(isset($_GET['price']) && $_GET['price'] == 'ASC'){
    $price = 'ASC';
}else{
    $price = 'DESC';
}

if ($category !== null && $search !== null){

    $sql = "SELECT   *
            FROM     people
            WHERE    MATCH (lname,fname) AGAINST (:search IN BOOLEAN MODE)
            AND      category = :category
            ORDER BY price ".$price;

    $q = $conn->prepare($sql);
    // Bind the params to the placeholders
    $q->bindParam(':search', $search, PDO::PARAM_STR);
    $q->bindParam(':category', $category, PDO::PARAM_STR);
    $q->execute();
    // Get result
    $result = $q->fetchAll(PDO::FETCH_ASSOC);
}
?>
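The answer's whitelist idea can be taken one step further so that it also fixes the dropdown problem from the question: map user-facing option keys to fixed SQL fragments and labels, derive the ORDER BY clause only from that map, and render the `<select>` from the same map so the chosen option stays selected and shows its label rather than the raw ASC/DESC. The following is an added example, not code from the question or the answer; the option keys (`price_asc`, `price_desc`), the labels, the `sort` parameter name and the function names are assumptions, and the query keeps the MySQL `MATCH ... AGAINST` clause from the original, so `runSearch()` assumes a MySQL PDO connection.

```php
<?php
// Added example (not from the original question or answer).
// Allowlist of sort options: the request value is only ever used as a key
// into this table, so the ORDER BY text is always one of these fixed fragments.
const SORT_OPTIONS = [
    'price_asc'  => ['sql' => 'price ASC',  'label' => 'Price: lowest to highest'],
    'price_desc' => ['sql' => 'price DESC', 'label' => 'Price: highest to lowest'],
];
const DEFAULT_SORT = 'price_asc';

// Resolve the request value to a known key; any unknown value falls back to the default.
function resolveSortKey(?string $requested): string
{
    return ($requested !== null && array_key_exists($requested, SORT_OPTIONS))
        ? $requested
        : DEFAULT_SORT;
}

// Build the query text. The ORDER BY fragment comes only from SORT_OPTIONS;
// search and category stay as placeholders for PDO to bind.
function buildSearchSql(string $sortKey): string
{
    $orderBy = SORT_OPTIONS[resolveSortKey($sortKey)]['sql'];
    return "SELECT * FROM people"
         . " WHERE MATCH (lname, fname) AGAINST (:search IN BOOLEAN MODE)"
         . " AND category = :category"
         . " ORDER BY " . $orderBy;
}

// Render the dropdown from the same allowlist, so the selected option survives
// the form submit and the visible text is the label, not ASC/DESC.
function renderSortSelect(string $selectedKey): string
{
    $selectedKey = resolveSortKey($selectedKey);
    $html = '<select name="sort">';
    foreach (SORT_OPTIONS as $key => $opt) {
        $selected = ($key === $selectedKey) ? ' selected' : '';
        $html .= sprintf(
            '<option value="%s"%s>%s</option>',
            htmlspecialchars($key, ENT_QUOTES, 'UTF-8'),
            $selected,
            htmlspecialchars($opt['label'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html . '</select>';
}

// Run the search against a PDO connection (assumed MySQL because of MATCH ... AGAINST).
function runSearch(PDO $conn, string $search, string $category, string $sortKey): array
{
    $q = $conn->prepare(buildSearchSql($sortKey));
    $q->bindValue(':search', $search, PDO::PARAM_STR);
    $q->bindValue(':category', $category, PDO::PARAM_STR);
    $q->execute();
    return $q->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in for $_GET: an unrecognised sort key is ignored and the
// default ordering is used, without the value ever reaching the SQL text.
$demoGet = ['sort' => 'rating_desc', 'search' => 'smith', 'category' => 'staff'];

$sortKey = resolveSortKey($demoGet['sort'] ?? null);
echo buildSearchSql($sortKey), PHP_EOL;      // ORDER BY price ASC (the default)
echo renderSortSelect($sortKey), PHP_EOL;    // "Price: lowest to highest" is selected

// With a real connection: $rows = runSearch($conn, $demoGet['search'], $demoGet['category'], $sortKey);
```

Because the `<select>` values are the allowlist keys rather than SQL words, adding a new ordering (say, by name) means adding one entry to `SORT_OPTIONS`; the query builder and the dropdown pick it up without any further string handling of request data.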
