如何在PHP中有条件地为我的查询添加一个子句?

时间:2010-09-29 19:06:01

标签: php

在我的搜索表单中,我拥有,重视男性,重视女性,并重视两者。如果你同时选择这两个,我不希望在“性别='$性'”

我应该这样做:

if(empty($sex)){ // value empty if you chose "both"
$query = "SELECT firstname, lastname, id, user_name, sex, last_access, bostadsort FROM users WHERE (firstname LIKE '%$firstname%' OR lastname LIKE '%$lastname%')";
}else{
$query = "SELECT firstname, lastname, id, user_name, sex, last_access, bostadsort FROM users WHERE (firstname LIKE '%$firstname%' OR lastname LIKE '%$lastname%') AND sex = '$sex'";
}

或者有一种聪明的方式来写这个吗?

3 个答案:

答案 0 :(得分:6)

从不从用户输入构建SQL字符串。这就是准备好的陈述。它们是安全的,在重新执行时执行速度更快,并且易于使用,因此请使用它们:

$sql = "
  SELECT
    firstname, lastname, id, user_name, sex, last_access, bostadsort
  FROM
    users 
  WHERE
    (firstname LIKE '%'|| ? || '%' OR lastname LIKE '%'|| ? || '%')
    AND Sex = CASE ? WHEN 'both' THEN Sex ELSE ? END
";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('ssss', $firstname, $lastname, $sex, $sex);

$result = $stmt->execute();

答案 1 :(得分:3)

如何不重复自己:

$query = "SELECT firstname, lastname, id, user_name, sex, last_access, bostadsort FROM users WHERE (firstname LIKE '%$firstname%' OR lastname LIKE '%$lastname%')";

if(!empty($sex)){
    $query = $query . " AND sex = '$sex'";
}

答案 2 :(得分:2)

你可以这样做:

$sql = "SELECT ..."; 

if (!empty($gender))
{
    $sql .= " AND gender = '$gender'";
}

并确保注意sql注入。

相关问题
最新问题