查询是否设置了某些POST变量

时间:2012-04-16 10:03:59

标签: php mysql

我有2个表单都指向相同的functions.php页面

1表单有2个输入字段, Vechile Type 定价 ,另一种表单有3种输入类型, Vechile类型 定价 覆盖范围 < / p> 

if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' ) {
    // Query 
}
else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' ) {
    // Query 
}
else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' && $_POST['coverageRegion'] == 'national' ) {
    // Query 
}
else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' && $_POST['coverageRegion'] == 'international'  ) {
    // Query 
}

现在我的声明不起作用,我是PHP的新手,所以请原谅我的天真,但我只希望从主页运行前2个查询,其中只设置2个变量,第二个2个查询运行时填写其他表格。

有没有办法可以说如果coverageRegion未设置,运行前2?

3 个答案:

答案 0 :(得分:2)

我会这样做:

我会这样做:

$where = array('1 = 1');
if(isset($_POST['vehicleType'])) {
    $where[] = "vehicleType = '" . mysql_real_escape_string($_POST['vehicleType']) . "'";
}
if(isset($_POST['pricing'])) {
    $where[] = "pricing = '" . mysql_real_escape_string($_POST['pricing']) . "'";
}
if(isset($_POST['coverageRegion'])) {
    $where[] = "coverageRegion = '" . mysql_real_escape_string($_POST['coverageRegion']) . "'";
}

// some more stuff
// if(isset($_POST['integerColumn'])) {
//     $where[] = "integerColumn = " . intval($_POST['integerColumn']);
// }
// if(count($where) == 1) {
//     die("You must specify at least one search criteria");
// }

$query = 'SELECT * FROM table WHERE ' . implode(' AND ', $where);

答案 1 :(得分:1)

if (!isset($_POST['coverageRegion']))
{
    //run first two
    if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' )
    {
        // Query 
    }
    else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' )
    {
        // Query 
    }
}
else
{
    // run other two
    if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' && $_POST['coverageRegion'] == 'national' )
    {
        // Query 
    }
    else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' && $_POST['coverageRegion'] == 'international'  )
    {
        // Query 
    }
}

答案 2 :(得分:0)

我会这样做:

$vehicle_types = array( 'lgv', 'hgv', 'plg', );
$pricings = array( 'fixed', 'pump', );
$regions = array( 'national', 'international', );
// Variables to search for
$params = array();
// Column names in the table
$conditions = array();

$qry = 'SELECT column1, column2, column3 FROM tablename';

// Add vehicle type to query
if ( ( isset( $_POST['vehicleType'] ) )
  && ( in_array( $_POST['vehicleType'], $vehicle_types ) ) ) {
    $params[] = $_POST['vehicleType'];
    $conditions[] = 'vehicleType = ?';
}

// Add pricing to query
if ( ( isset( $_POST['pricing'] ) )
  && ( in_array( $_POST['pricing'], $pricings ) ) ) {
    $params[] = $_POST['pricing'];
    $conditions[] = 'pricing = ?';
}

// Add region to query
if ( ( isset( $_POST['coverageRegion'] ) )
  && ( in_array( $_POST['coverageRegion'], $regions ) ) ) {
    $params[] = $_POST['coverageRegion'];
    $conditions[] = 'region = ?';
}

if ( count( $params ) ) {
    $qry .= ' WHERE ' . implode( ' AND ', $conditions );
    // Connect to database using PDO
    $db = new PDO( 'mysql:dbname=testdb;host=127.0.0.1', 'user', 'pass' );
    $stmt = $db->prepare( $qry );
    $stmt->execute( $params );
    $result = $stmt->fetchAll();
    print_r( $result );
}

优点:

  • 没有if/else意大利面条
  • 将来可以轻松添加更多选项
  • 由于mysql_real_escape_string准备好的陈述
    • ,无需PDO
  • 检查$_POST
    • 是否只接受允许的变量
相关问题
最新问题