
Proper code to filter a price range in PHP / SQL Query

Really hoping someone can help me. I'm building a PHP / MySQL search form that I hope will allow users to search our wine database and filter the results by a price range selected from a drop-down menu.

The form searches fine and returns a nice list of accurate results. However, it does not filter the results by price.

After days of searching and experimenting, I have blended various code snippets together to get this far, but on the whole PHP is still a mystery to me.

It's the correct coding and syntax that I'm struggling with.

How do I code the PHP posted here to properly integrate the price range filter? I suspect my inclusion of "pricerange" in the SQL query is way off base.

  • MySQL server version: 5.1.65-cll
  • Price column type: decimal(10,2)

Any help would be greatly appreciated. Please check the code blocks below.

Many thanks!

The HTML

 <form  method="post" action="winesearch.php?go" id="searchform"> 
 <input  type="text" size="35" name="user-entry"/>
 <select name="pricerange" size="1" id="pricerange">
    <option value="">Price Range&nbsp;</option>
    <option value="1">$&nbsp;10 - $20</option>
    <option value="2">$&nbsp;21 - $30</option>
    <option value="3">$&nbsp;31 - $50</option>
    <option value="4">$&nbsp;51 - $75</option>
    <option value="5">$&nbsp;76 - $100</option>
    <option value="6">$101 - $200</option>
    <option value="7">$201 - Plus</option>
</select> 
<input  type="submit" name="submit" value="Wine Search"/> 
</form>

The PHP

<?php

if(isset($_POST['submit'])){
    if(isset($_GET['go'])){
        if(preg_match("/^[a-zA-Z0-9]+/", $_POST['user-entry'])){
            $cob=$_POST['user-entry'];
            $pricerange=$_POST['pricerange'];

            //connect to the database
            $db=mysql_connect("server", "user", "pass") or die (mysql_error());

            //-select the database to use
            $mydb=mysql_select_db("db_name");

            if($pricerange == 0) $pricerange = 1;

            switch ($pricerange) {
                case 1: $pricerange = " where Price BETWEEN 10.00 AND 20.00 ";  break;
                case 2: $pricerange = " where Price BETWEEN 21.00 AND 30.00 ";  break;
                case 3: $pricerange = " where Price BETWEEN 31.00 AND 50.00 ";  break;
                case 4: $pricerange = " where Price BETWEEN 51.00 AND 75.00 ";  break;
                case 5: $pricerange = " where Price BETWEEN 76.00 AND 100.00 "; break;
                case 6: $pricerange = " where Price BETWEEN 101.00 AND 200.00 "; break;
                case 7: $pricerange = " where Price > 200.00 ";                break;
            }

            //-query the database table
            $sql="
                SELECT ID,
                CSPC,
                Country,
                Producer,
                Wine,
                Year,
                Price
                FROM winecellar WHERE
                CSPC LIKE '%" . $cob . "%'
                OR
                Country LIKE '%" . $cob . "%'
                OR
                Producer LIKE '%" . $cob . "%'
                OR
                Wine LIKE '%" . $cob . "%'
                OR
                Year LIKE '%" . $cob . "%'
                OR
                Price LIKE '%" . $pricerange . "%'
                ";

            //-run the query against the mysql query function
            $result=mysql_query($sql);

            //-create while loop and loop through result set
            while($row=mysql_fetch_array($result)){
                $CSPC=$row['CSPC'];
                $Country=$row['Country'];
                $Producer=$row['Producer'];
                $Wine=$row['Wine'];
                $Year=$row['Year'];
                $Price=$row['Price'];
                $ID=$row['ID'];

                //-display the result of the array
                echo "<ul>\n";
                echo "<li>" . $CSPC . "</li>\n";
                echo "<li>" . $Country . "</li>\n";
                echo "<li>" . $Producer . "</li>\n";
                echo "<li>" . $Wine . "</li>\n";
                echo "<li>" . $Year . "</li>\n";
                echo "<li>" . "<a href=" . $Price . ">" . "$" . $Price . "</a></li>\n";

                echo "</ul>";
            }
        }
        else{
            echo "<p>Please enter a search query</p>";
        }
    }
}
?>

You had it until you put the query together. You don't need the "where" in the statement below, because you already have a "where" in the query you are building further down.

switch ($pricerange) {
    case 1: $pricerange = " Price BETWEEN 10.00 AND 20.00 ";  break;
    case 2: $pricerange = " Price BETWEEN 21.00 AND 30.00 ";  break;
    case 3: $pricerange = " Price BETWEEN 31.00 AND 50.00 ";  break;
    case 4: $pricerange = " Price BETWEEN 51.00 AND 75.00 ";  break;
    case 5: $pricerange = " Price BETWEEN 76.00 AND 100.00 "; break;
    case 6: $pricerange = " Price BETWEEN 101.00 AND 200.00 "; break;
    case 7: $pricerange = " Price > 200.00 ";                break;
}

OR
Price LIKE '%" . $pricerange ."%'

should be

OR " . $pricerange . "

because you are already building the BETWEEN statement.

<?php

if(isset($_POST['submit'])){
    if(isset($_GET['go'])){
        // improved the filter to support space and -
        // Also closed a critical security breach (SQL injection): the anchored
        // regex only lets letters, digits, spaces and hyphens into $cob
        if(preg_match("/^[a-zA-Z0-9 -]+$/", $_POST['user-entry'])){
            $cob=$_POST['user-entry'];
            $pricerange=$_POST['pricerange'];

            //connect to the database
            $db=mysql_connect("server", "user", "pass") or die (mysql_error());

            //-select the database to use
            $mydb=mysql_select_db("db_name");

            // map the submitted option value onto a fixed SQL fragment; the raw
            // form value itself never reaches the query
            switch ($pricerange) {
                case 2: $pricerange = " AND Price BETWEEN 21.00 AND 30.00 ";  break;
                case 3: $pricerange = " AND Price BETWEEN 31.00 AND 50.00 ";  break;
                case 4: $pricerange = " AND Price BETWEEN 51.00 AND 75.00 ";  break;
                case 5: $pricerange = " AND Price BETWEEN 76.00 AND 100.00 "; break;
                case 6: $pricerange = " AND Price BETWEEN 101.00 AND 200.00 "; break;
                case 7: $pricerange = " AND Price > 200.00 ";                break;
                default: $pricerange = " AND Price BETWEEN 10.00 AND 20.00 "; // covers all other cases
            }

            //-query the database table
            $sql="
                SELECT ID,
                CSPC,
                Country,
                Producer,
                Wine,
                Year,
                Price
                FROM winecellar WHERE
                (CSPC LIKE '%" . $cob . "%'
                OR
                Country LIKE '%" . $cob . "%'
                OR
                Producer LIKE '%" . $cob . "%'
                OR
                Wine LIKE '%" . $cob . "%'
                OR
                Year LIKE '%" . $cob . "%')
                " . $pricerange;

            //-run the query against the mysql query function
            $result=mysql_query($sql);

            //-create while loop and loop through result set
            while($row=mysql_fetch_array($result)){
                $CSPC=$row['CSPC'];
                $Country=$row['Country'];
                $Producer=$row['Producer'];
                $Wine=$row['Wine'];
                $Year=$row['Year'];
                $Price=$row['Price'];
                $ID=$row['ID'];

                //-display the result of the array
                echo "<ul>\n";
                echo "<li>" . $CSPC . "</li>\n";
                echo "<li>" . $Country . "</li>\n";
                echo "<li>" . $Producer . "</li>\n";
                echo "<li>" . $Wine . "</li>\n";
                echo "<li>" . $Year . "</li>\n";
                echo "<li>" . "<a href=" . $Price . ">" . "$" . $Price . "</a></li>\n";

                echo "</ul>";
            }
        }
        else{
            echo "<p>Please enter a search query</p>";
        }
    }
}
?>
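The answer above keeps user input out of the SQL by whitelisting characters and mapping the drop-down value through a switch. The example below is an added illustration, not code from the question or from any of the answers: it rebuilds the same search on PDO prepared statements, so the search term is bound as a parameter instead of being concatenated into the query, and the price range is looked up in a fixed table keyed by the form's option values. The table and column names (winecellar, CSPC, Country, Producer, Wine, Year, Price) and the form field names follow the question; the DSN and credentials are placeholders, and it assumes PHP 7.1 or later with the pdo_mysql extension.

```php
<?php
// Added example (not from the original question or answers): the wine search
// rebuilt on PDO prepared statements. Table/column names follow the question;
// DSN and credentials are placeholders.

// Whitelist of price ranges, keyed by the <option value=""> the form submits.
// The submitted value is only ever used as a key into this table; the numbers
// that reach SQL come from here, never from the request. An upper bound of
// null means "no upper limit" ("$201 - Plus").
const PRICE_RANGES = [
    '1' => ['10.00', '20.00'],
    '2' => ['21.00', '30.00'],
    '3' => ['31.00', '50.00'],
    '4' => ['51.00', '75.00'],
    '5' => ['76.00', '100.00'],
    '6' => ['101.00', '200.00'],
    '7' => ['200.00', null],
];

/**
 * Build the SQL text and the positional parameters for a search term plus an
 * optional range key ('' = no price filter). Returns [sql, params].
 */
function buildWineQuery(string $term, string $rangeKey): array
{
    // Escape the LIKE wildcards a user might type so they match literally;
    // MySQL's default LIKE escape character is the backslash.
    $like = '%' . addcslashes($term, '%_\\') . '%';

    $sql = "SELECT ID, CSPC, Country, Producer, Wine, Year, Price
            FROM winecellar
            WHERE (CSPC LIKE ? OR Country LIKE ? OR Producer LIKE ?
                   OR Wine LIKE ? OR Year LIKE ?)";
    $params = [$like, $like, $like, $like, $like];

    if ($rangeKey !== '') {
        if (!isset(PRICE_RANGES[$rangeKey])) {
            // Anything not in the whitelist is rejected rather than defaulted.
            throw new InvalidArgumentException('unknown price range');
        }
        [$min, $max] = PRICE_RANGES[$rangeKey];
        if ($max === null) {
            $sql .= " AND Price > ?";
            $params[] = $min;
        } else {
            $sql .= " AND Price BETWEEN ? AND ?";
            $params[] = $min;
            $params[] = $max;
        }
    }
    return [$sql, $params];
}

function searchWines(PDO $pdo, string $term, string $rangeKey): array
{
    [$sql, $params] = buildWineQuery($term, $rangeKey);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);          // values are sent separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

if (isset($_POST['submit'], $_GET['go'])) {
    $term     = trim((string) ($_POST['user-entry'] ?? ''));
    $rangeKey = (string) ($_POST['pricerange'] ?? '');

    if ($term === '') {
        echo "<p>Please enter a search query</p>";
        exit;
    }

    // Placeholder DSN/credentials. ERRMODE_EXCEPTION makes failures visible
    // instead of returning false; EMULATE_PREPARES=false uses server-side
    // prepares so parameters are never spliced into the query text client-side.
    $pdo = new PDO('mysql:host=server;dbname=db_name;charset=utf8mb4', 'user', 'pass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

    foreach (searchWines($pdo, $term, $rangeKey) as $row) {
        echo "<ul>\n";
        foreach (['CSPC', 'Country', 'Producer', 'Wine', 'Year', 'Price'] as $col) {
            // htmlspecialchars stops stored values from being rendered as markup
            echo "<li>" . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . "</li>\n";
        }
        echo "</ul>\n";
    }
}
```

With parameters bound this way the search term can contain quotes, percent signs or anything else without altering the query's structure, so the character whitelist in the answer above becomes a usability choice rather than the thing the query's safety depends on. The price filter is combined with AND, matching the answer above; changing it to OR would return every wine in the range regardless of the search term.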

I would echo your SQL query before running it so you can see what it looks like. But it seems that the SQL for the price range part is wrong. Right now it looks like this:

OR Price LIKE '% where price BETWEEN 10.00 AND 20.00 %'

I think you want it to look like:

OR PRICE BETWEEN 10.00 AND 20.00

Do you want it to be "OR" or "AND"?