替换if语句以获取多个表单输入值

时间:2016-02-19 17:21:50

标签: php forms if-statement

我有一个HTML表单供用户选择国家,地区,卧室号码和价格。

<form action="" enctype="" method="POST">
<p>Property Search
<select name="search_country">
  <option value="">Select a country</option>
  <option value="uk">UK</option>
  <option value="france">France</option>
</select>
<select name="search_region">
  <option value="">Select a region</option>
  <option value="london">London</option>
  <option value="birmingham">Birmingham</option>
  <option value="paris">Paris</option>
  <option value="calais">Calais</option>
</select>
<select name="search_bedroomnumber">
  <option value="">Select number of bedrooms</option>
  <option value="1">1</option>
  <option value="2">2</option>
  <option value="3">3</option>
  <option value="4">4</option>
  <option value="5">5</option>
</select>   

<input type="submit" name="search_submit" value="Search" />

 

我目前查询数据库的方法是对所选表单选项的每个变体都使用if语句,如下所示:

if($_POST['search_country'] == "uk" and $_POST['search_region'] == "london" and $_POST['search_bedroomnumber'] == 4) {
$sqlcommand = "(SELECT * FROM properties 
WHERE country = 'uk' 
AND region = 'london' 
AND bedroomnumber = 4 
ORDER BY price ASC 
$properties = Properties::find_by_sql($sqlcommand);
};

有很多选项,这需要大量的if语句,我确信有一种更有效的方式,我没有看到(非常业余的编码器)。

任何建议都将不胜感激。感谢。

4 个答案:

答案 0 :(得分:1)

必须查看http://php.net/manual/en/mysqli.real-escape-string.php,您可以在转义后将$ _POST中的所有变量转换为变量,然后在查询中使用它。

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

$country = $mysqli->real_escape_string($_POST['search_country']);
$region = $mysqli->real_escape_string($_POST['search_region']);
$bedroom = $mysqli->real_escape_string($_POST['search_bedroomnumber']);

$sql = "SELECT * FROM properties 
WHERE country = '$country' 
AND region = '$region' 
AND bedroomnumber = $bedroom 
ORDER BY price ASC" ;

然后你可以使用这个$ sql。

确保在检查空输入等的地方也有其他检查。

答案 1 :(得分:1)

PDO就是答案!

结合filter_input获得最大效果

收集所有参数:(添加消毒)

$country = isset($_POST['country']) ? $_POST['country'] : 'uk';
...

写下你的疑问:

$sql = 'SELECT * FROM properties 
WHERE country = :country 
AND region = :region 
AND bedroomnumber = :bedroomnumber 
ORDER BY price ASC';

准备您的查询

$stmt = $db->prepare($sql);

绑定参数:

$stmt->bindParam(':country', $country);
...

执行并获取:

$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

答案 2 :(得分:1)

<?php
if($_POST['search_country'] && $_POST['search_region'] && $_POST['search_bedroomnumber']) {

    $country = $_POST['search_country'];
    $region = $_POST['search_region'];
    $bedroomNo = $_POST['search_bedroomnumber'];

    $sqlcommand = "SELECT * FROM properties WHERE country = '$country' AND region = '$region' AND bedroomnumber = $bedroomNo ORDER BY price ASC ";
    $properties = Properties::find_by_sql($sqlcommand);
}
?>

答案 3 :(得分:1)

你根本不需要IF。只需将所有预期的GET或POST值分配给变量,并在转义它们之后将这些变量放入SQL代码中。

相关问题
最新问题