动态MySQLi查询字符串“ AND”附录
[英]Dynamic MySQLi Query String “AND” Appendage
问题描述
我的网站有一个动态查询(用于搜索功能)。 它基于用户输入动态地构建查询。
$query = "SELECT * FROM talents WHERE ";
if(!empty($_POST['firstName'])){
$query = $query . "firstName = '" . $_POST['firstName'] . "' AND ";
}
if(!empty($_POST['lastName'])){
$query = $query . "lastName = '" . $_POST['lastName'] . "' AND ";
}
if(!empty($_POST['gender'])){
$query = $query . "gender = '" . $_POST['gender'] . "' AND ";
}
if(!empty($_POST['eyeColor'])){
$query = $query . "eyeColor = '" . $_POST['eyeColor'] . "' AND ";
}
if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] != "High"){
$query = $query . "height BETWEEN '" . $_POST['heightLow'] . "' AND '" . $_POST['heightHigh'] . "' AND ";
}else if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] == "High"){
$query = $query . "height = '" . $_POST['heightLow'] . "' AND ";
}
if(!empty($_POST['hairColor'])){
$query = $query . "hairColor = '" . $_POST['hairColor'] . "' AND ";
}
if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] != "High"){
$query = $query . "weight BETWEEN '" . $_POST['weightLow'] . "' AND '" . $_POST['weightHigh'] . "' AND ";
}else if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] == "High"){
$query = $query . "weight = '" . $_POST['weightLow'] . "' AND ";
}
if(!empty($_POST['dressSize'])){
$query = $query . "dressSize = '" . $_POST['dressSize'] . "' AND ";
}
if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] != "High"){
$query = $query . "chest BETWEEN '" . $_POST['chestLow'] . "' AND '" . $_POST['chestHigh'] . "' AND ";
}else if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] == "High"){
$query = $query . "chest = '" . $_POST['chestLow'] . "' AND ";
}
if(!empty($_POST['shoeSize'])){
$query = $query . "shoeSize = '" . $_POST['shoeSize'] . "' AND ";
}
if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] != "High"){
$query = $query . "waist BETWEEN '" . $_POST['waistLow'] . "' AND '" . $_POST['waistHigh'] . "' AND ";
}else if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] == "High"){
$query = $query . "waist = '" . $_POST['waistLow'] . "' AND ";
}
if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] != "High"){
$query = $query . "hips BETWEEN '" . $_POST['hipsLow'] . "' AND '" . $_POST['hipsHigh'] . "' ";
}else if($_POST['hipsLow'] != "Low" && $_POST['hipsigh'] == "High"){
$query = $query . "hips = '" . $_POST['hipsLow'] . "' ";
}
首先,请忽略冗长的性质-这是开始工作的Alpha。 之后的漂亮代码。 其次, High和Low变量引用了一个范围搜索(例如,高度在5'3和5'9之间)。
这是我的问题; AND ! 以我的方式,如果hips输入有些错误,它将起作用。 但是,这不可能预测用户将在哪里停下来。
这是一个非常常见的功能,令我惊讶的是,在互联网上找不到它并不容易。 有什么好主意吗?
2 个解决方案
解决方案1
4 2013-06-05 04:28:38
将您的条件保存到array而不是像这样的string
$query = array();
$query[] = "weight = '" . $_POST['weightLow'];
并使用AND其内implode 。
$final_query = implode(' AND ', $query);
解决方案2
1 已采纳 2013-06-05 04:29:41
我有个主意,请整理您的意见。 不要在查询中直接传递$ _POST ['xxx']。
至少 ,将其包装在mysql_real_escape_string()中。 但是,最好使用PHP的PDO。
逃脱后,它将开始工作。 您可能还需要考虑$query = rtrim($query, "AND") -然后继续在查询末尾添加“ AND”。
示例(未经测试):
$query = "SELECT * FROM talents WHERE ";
if(!empty($_POST['firstName'])){
$query = $query . "firstName = '" . mysql_real_escape_string($_POST['firstName']) . "' AND ";
}
if(!empty($_POST['lastName'])){
$query = $query . "lastName = '" . mysql_real_escape_string($_POST['lastName']) . "' AND ";
}
if(!empty($_POST['gender'])){
$query = $query . "gender = '" . mysql_real_escape_string($_POST['gender']) . "' AND ";
}
if(!empty($_POST['eyeColor'])){
$query = $query . "eyeColor = '" . mysql_real_escape_string($_POST['eyeColor']) . "' AND ";
}
if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] != "High"){
$query = $query . "height BETWEEN '" . mysql_real_escape_string($_POST['heightLow']) . "' AND '" . mysql_real_escape_string($_POST['heightHigh']) . "' AND ";
}else if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] == "High"){
$query = $query . "height = '" . mysql_real_escape_string($_POST['heightLow']) . "' AND ";
}
if(!empty($_POST['hairColor'])){
$query = $query . "hairColor = '" . mysql_real_escape_string($_POST['hairColor']) . "' AND ";
}
if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] != "High"){
$query = $query . "weight BETWEEN '" . mysql_real_escape_string($_POST['weightLow']) . "' AND '" . mysql_real_escape_string($_POST['weightHigh']) . "' AND ";
}else if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] == "High"){
$query = $query . "weight = '" . mysql_real_escape_string($_POST['weightLow']) . "' AND ";
}
if(!empty($_POST['dressSize'])){
$query = $query . "dressSize = '" . mysql_real_escape_string($_POST['dressSize']) . "' AND ";
}
if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] != "High"){
$query = $query . "chest BETWEEN '" . mysql_real_escape_string($_POST['chestLow']) . "' AND '" . mysql_real_escape_string($_POST['chestHigh']) . "' AND ";
}else if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] == "High"){
$query = $query . "chest = '" . mysql_real_escape_string($_POST['chestLow']) . "' AND ";
}
if(!empty($_POST['shoeSize'])){
$query = $query . "shoeSize = '" . mysql_real_escape_string($_POST['shoeSize']) . "' AND ";
}
if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] != "High"){
$query = $query . "waist BETWEEN '" . mysql_real_escape_string($_POST['waistLow']) . "' AND '" . mysql_real_escape_string($_POST['waistHigh']) . "' AND ";
}else if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] == "High"){
$query = $query . "waist = '" . mysql_real_escape_string($_POST['waistLow']) . "' AND ";
}
if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] != "High"){
$query = $query . "hips BETWEEN '" . mysql_real_escape_string($_POST['hipsLow']) . "' AND '" . mysql_real_escape_string($_POST['hipsHigh']) . "' AND";
}else if($_POST['hipsLow'] != "Low" && $_POST['hipsigh'] == "High"){
$query = $query . "hips = '" . mysql_real_escape_string($_POST['hipsLow']) . "' AND";
}
$query = rtrim($query, "AND");
将一个字符串附加到另一个字符串,但附件在新行上而不是同一行
[英]Appending one string to another, but appendage is on new line not same line
另一个mysqli_query()期望参数1为mysqli,给定字符串
[英]Another mysqli_query() expects parameter 1 to be mysqli, string given
警告:mysqli_query() 期望参数 1 为 mysqli,字符串在
[英]Warning: mysqli_query() expects parameter 1 to be mysqli, string given in
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.