Question

我正在尝试基于

进行搜索

<select multiple=multiple name="chkUnr[]">

我通过运行代码从select中获取值：

 for($i=0;$i<count($_POST["chkUnr"]);$i++)
                    {
                    if($_POST["chkUnr"][$i] != "")
                    {
                        $search_country = $_POST["chkUnr"][$i];                     
                    }

            $query = "";
            $query .= "SELECT users.* FROM users";
            if (isset($_POST['singles_online']) ? $_POST['singles_online'] : 0 == 1) {
              $query .= " LEFT JOIN online ON online.user_id = users.id";
            }
            $query .= " WHERE";
            if (isset($_POST['vip']) ? $_POST['vip'] : 0 == 1) {
             $query .= " users.vip = 1 AND";
            }
            if (isset($_POST['profile_image']) ? $_POST['profile_image'] : 0 == 2) {
              $query .= " users.profile_image = '2' AND";
            }
            if (isset($_POST['singles_online']) ? $_POST['singles_online'] : 0 == 1) {
              $query .= " online.is_online = 1 AND";
            }
            $query .= " (id NOT IN (SELECT user_id FROM users_blocked WHERE blocked_id = '$user_id')) AND";

            $query .= " (users.user_age >= '$age_from' AND users.user_age <= '$age_to') AND";

            $query .= " (users.gender = '$gender_search') AND";

            $query .= " users.country IN ('$search_country')";

            $search_query = mysql_query($query);


            }

我可以打印出值，但是当我进行SQL搜索时会出现问题。在这种情况下，它只使用国家/地区获取第一个值：因此，当我选择瑞典，德国，美国时，我可以将它们全部打印出来，但在尝试进行SQL查询时，只有瑞典正在被选中。

我尝试过这段代码，但结果仍然相同。

Answer 1

这里的问题（以及另一个答案）是in子句被引号括起来，因此不会产生我们想要的结果。我们需要有效地将数组传递给查询。此外您的代码易受SQL注入攻击。我强烈建议转到PDO /准备好的声明。我为这些国家/地区添加了轻微保护，但这无论如何都不是万无一失。

function prepareForSql($value, $key) {
    return addslashes($value);
}

array_walk($_POST["chkUnr"], "prepareForSql");
$search_country = "'" . implode("','", $_POST["chkUnr"]) . "'";

$query = "";
$query .= "SELECT users.* FROM users";
if (isset($_POST['singles_online']) ? $_POST['singles_online'] : 0 == 1) {
    $query .= " LEFT JOIN online ON online.user_id = users.id";
}
$query .= " WHERE";
if (isset($_POST['vip']) ? $_POST['vip'] : 0 == 1) {
    $query .= " users.vip = 1 AND";
}
if (isset($_POST['profile_image']) ? $_POST['profile_image'] : 0 == 2) {
    $query .= " users.profile_image = '2' AND";
}
if (isset($_POST['singles_online']) ? $_POST['singles_online'] : 0 == 1) {
    $query .= " online.is_online = 1 AND";
}
$query .= " (id NOT IN (SELECT user_id FROM users_blocked WHERE blocked_id = '$user_id')) AND";

$query .= " (users.user_age >= '$age_from' AND users.user_age <= '$age_to') AND";
$query .= " (users.gender = '$gender_search') AND";

$query .= " users.country IN ($search_country)";

$search_query = mysql_query($query);

Answer 2

尝试

            $search_country = implode(',',array_unique($_POST["chkUnr"]));

        $query = "";
        $query .= "SELECT users.* FROM users";
        if (isset($_POST['singles_online']) ? $_POST['singles_online'] : 0 == 1) {
          $query .= " LEFT JOIN online ON online.user_id = users.id";
        }
        $query .= " WHERE";
        if (isset($_POST['vip']) ? $_POST['vip'] : 0 == 1) {
         $query .= " users.vip = 1 AND";
        }
        if (isset($_POST['profile_image']) ? $_POST['profile_image'] : 0 == 2) {
          $query .= " users.profile_image = '2' AND";
        }
        if (isset($_POST['singles_online']) ? $_POST['singles_online'] : 0 == 1) {
          $query .= " online.is_online = 1 AND";
        }
        $query .= " (id NOT IN (SELECT user_id FROM users_blocked WHERE blocked_id = '$user_id')) AND";

        $query .= " (users.user_age >= '$age_from' AND users.user_age <= '$age_to') AND";

        $query .= " (users.gender = '$gender_search') AND";

        $query .= " users.country IN ('$search_country')";

        $search_query = mysql_query($query);

html <select multiple =“multiple”> + SQL查询搜索</select>

2 个答案: