堆栈内存溢出
  繁体   English   中英

查询构建SQL功能

[英]Query building SQL function

 原文  2017-08-29 15:10:04       php/ mysql/ sql/ where

问题描述

我正在基于变量查询数据库,但对于如何获取我的函数不起作用有些困惑。 如果SQL条件数组中只有一个字符串,我希望它说WHERE,如果有多个,则我希望第一个是WHERE,其余的是AND。 当前,如果我有一个字符串,并且rets为空白,则查询如下所示:SELECT * FROM tb_visitors AND'2017-08-01'和'2017-08-31'之间的日期。 我希望首先在哪里,是否有更好的方法可以做到这一点? 

        $sites =  $data['sites'];
        $attendence =  $data['filter'];
        $time = $data['time'];
        $department = $data['department'];
        $staff = $data['staff'];

        $sql = 'SELECT * FROM tb_visitors' ;
        $sql_criteria= "";

        if(is_numeric($department) == true){
           $sql_criteria[] = "dept_id = "."'".$department."'"; 
        } else if($staff !== 'Staff Member') {
             $sql_criteria[] = 'staff='.'"'.$staff.'"'; 
        } 

        if($department == 'Department' || $staff == 'Staff Member' ){
           $sql_criteria[] = ""; 
        }

        // Time
        if($time == 'Date Range' || $time == 'Custom' || $time == 'Today'){
           $sql_criteria[] = ""; 
        } else if($time == 'Today'){
           $today_date = date("Y-m-d"); 
           $sql_criteria[] = "date ="."'".$today_date."'";  
        } else if($time == 'Tomorrow'){
           $d= strtotime("tomorrow");
           $date =  date("Y-m-d", $d);
           $sql_criteria[] = "date ="."'".$date."'"; 
        }  else if($time == 'Yesterday'){
           $date = date('Y-m-d',strtotime("-1 days"));
           $sql_criteria[] = "date ="."'".$date."'"; 
        } else if($time == 'Last Month'){
           $start_date =  date("Y-n-j", strtotime("first day of previous month"));
            $end_date =  date("Y-n-j", strtotime("last day of previous month"));
           $sql_criteria[] = "date BETWEEN '".$start_date."' AND '".$end_date."'"; 
        } else if($time == 'Next Month'){
           $start_date =  date("Y-n-j", strtotime("first day of next month"));
           $end_date =  date("Y-n-j", strtotime("last day of next month"));
           $sql_criteria[] = "date BETWEEN '".$start_date."' AND '".$end_date."'"; 
        } else if($time == 'This Week'){
           $start_date = date("Y-m-d", strtotime('monday this week'));
           $end_date =  date("Y-m-d", strtotime('sunday this week'));
           $sql_criteria[] = "date BETWEEN '".$start_date."' AND '".$end_date."'";  
        } else if($time == 'This Month'){
           $start_date = date('Y-m-01');
            $end_date = date('Y-m-t');
            $sql_criteria[] = "date BETWEEN '".$start_date."' AND '".$end_date."'";
        } else if($time == 'Last Week'){
           $start_date = date("Y-m-d", strtotime("last week monday"));
           $end_date =  date("Y-m-d", strtotime("last week sunday"));
           $sql_criteria[] = "date BETWEEN '".$start_date."' AND '".$end_date."'"; 
        } else if($time == 'Next Week'){
           $start_date = date("Y-m-d", strtotime("next monday"));
           $end_date =    date("Y-m-d", strtotime('+1 week sunday'));
           $sql_criteria[] = "date BETWEEN '".$start_date."' AND '".$end_date."'";  

        } 

        // Attendence 
        if($attendence == 'Status' || $attendence == 'All Visits'){
            $sql_criteria[] = ""; 
        } else if($attendence == 'No Show'){
            $sql_criteria[] = "no_show = 'Y'";  
        } else if($attendence == 'Completed Visits'){
            $sql_criteria[] = "seen IS NOT NULL";  
        } else if($attendence == 'Upcoming Visits'){
           $today_date = date("Y-m-d"); 
           $sql_criteria[] = "date > '".$today_date."'"; 
        } 

        //Sites

        if($sites == 'All Sites' || $sites == 'Sites' ){
            $sql_criteria[] = ""; 
        } else if($sites == 'Twickenham'){
            $sql_criteria[] = "dept_id NOT IN ('28',  '29',  '30',  '32',  '41',  '44')";
        } else if($sites == 'Hammersmith'){
            $sql_criteria[] = "dept_id IN ('36')"; 
        } else if($sites == 'Heatherwood'){
           $sql_criteria[] = "dept_id IN ('37')";  
        } else if($sites == 'Hillingdon'){
          $sql_criteria[] = "dept_id IN ('38')";   
        } else if($sites == 'Nuffeild'){
            $sql_criteria[] = "dept_id IN ('39')"; 
        } else if($sites == 'St Georges'){
            $sql_criteria[] = "dept_id IN ('41')"; 
        } else if($sites == 'Queen Victoria'){
            $sql_criteria[] = "dept_id IN ('40')"; 
        } else if($sites == 'Stoke Mandeville'){
           $sql_criteria[] = "dept_id IN ('42')";  
        }


    $i=0;
    foreach ($sql_criteria as $a => $b){

       if($b == ""){
            $join = "";   
        } else if($i == 0){
            $join = "WHERE";
        } else {
            $join = "AND";  
        }


    $sql_final = $join." ".$b;
    $i++;
    $sql = $sql." ".$sql_final;
    }
   $result = $db->db_num("$sql");
   echo $sql;

1 个解决方案

解决方案1
 2 已采纳  2017-08-29 15:18:28

由于您已经在数组中wherewhere子句,因此可以使用countimplode 

$sql = 'SELECT * FROM tb_visitors';
$sql_criteria = array();

/*
* Build the $sql_criteria array
* [...]
*/

if (count($sql_criteria)) // Should the where clause be built?
{
    $sql .= " WHERE " . implode(" AND ", $sql_criteria);
}

注意:正如评论者已经指出的那样,您容易受到SQL注入的攻击。 考虑到这一点很重要,因为注入可能是“偶然”发生的,并不总是由于有针对性的攻击而引起的。 例如,如果您的$staff的值为“ John O'Sullivan”,则名称中的单引号会打断您的查询。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SQL / Laravel构建查询 雄辩地构建SQL查询 SQL查询构建实践 使用_POST参数构建SQL查询 基于复选框构建SQL查询 {SQL PHP}建立查询的帮助 在单独的HTML函数中调用包含SQL查询的PHP函数,从而在单独的页面上构建HTML表? 从php中的另一个查询构建SQL查询 帮助在Zend中构建一个简单的SQL查询 用php参数构建一个sql查询字符串
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM