![](/img/trans.png)
[英]How can I grab all possible results based on values in an SQL table when dealing with user permissions?
[英]How to build a SQL statement when any combination of user input to the table is possible?
示例:用戶填寫除產品名稱之外的所有內容。
我需要搜索提供的內容,所以在這種情況下除了productName=
所有東西
此示例可以用於任何輸入組合。
有沒有辦法做到這一點?
謝謝。
$name = $_POST['n'];
$cat = $_POST['c'];
$price = $_POST['p'];
if( !($name) )
{
$name = some character to select all?
}
$sql = "SELECT * FROM products WHERE productCategory='$cat' and
productName='$name' and productPrice='$price' ";
編輯
解決方案不必保護免受攻擊。 具體看它的動態部分。
就像是
$where_array = array();
if( isset($_POST['n']) )$where_array[] = "productName = '{$_POST['n']}'";
if( isset($_POST['c']) )$where_array[] = "productCategory '{$_POST['c']}'";
if( isset($_POST['p']) )$where_array[] = "productPrice = '{$_POST['p']}'";
$where_stmt = implode( ' and ', $where_array );
if( $where_stmt )
{
$sql = "SELECT * FROM products WHERE $where_stmt ";
//run query
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.