我有4个if / else条件,4个中只有3个正常工作,条件中的值会有数字和文本的组合,这会导致问题。
我不确定,有人可以告诉我这是否会导致问题,是否还有其他方法可以做到这一点。
在下面的代码中,我提到了从表单传递的2个变量的值。在这种情况下,理想情况下它应该转到第3条If条件,但如果条件则转到第4条。
我的PHP代码的一部分:
echo "category :".$option." ".$suboption." "; //Values displayed for $option is 4 and $suboption is Nitrogen
if ($option==0 && $suboption==0)
$dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER ORDER BY Ac_code, Prod_desc");
else{
if($option==0 && $suboption!=0)
$dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Prod_desc='$suboption' ORDER BY Ac_code, Prod_desc");
else{
if($option!=0 && $suboption!=0)
$dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='$option' AND Prod_desc='$suboption' ORDER BY Ac_code, Prod_desc");
else{
if($option!=0 && $suboption==0)
$dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='$option' ORDER BY Ac_code, Prod_desc");
}
}
}
答案 0 :(得分:1)
这是错误的代码。
请勿使用这么多if else条件,根据您的条件定义变量并使用开关盒,
或使用else if
不要将字符串“氮”与数字0进行比较
请参阅:http://codepad.org/8a4qFgmf
<?php
$myVar = ('Nitrogen' == 0);
var_dump($myVar); // THIS IS TRUE
?>
答案 1 :(得分:1)
如何做更像这样的事情(虽然这对于用户定义的数据仍然不安全(需要正确转义)
<?php
function array_map_assoc( $callback , $array ){
$r = array();
foreach ($array as $key=>$value)
$r[$key] = $callback($key,$value);
return $r;
}
function funtimes($option, $suboption) {
$query = "SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER%sORDER BY Ac_code, Prod_desc";
$clause = array("Ac_code" => $option, "Prod_desc" => $suboption);
$clause = array_filter($clause);
$where = ' ';
if (count($clause)) {
$where = " WHERE " . implode(', ',array_map_assoc(function($k,$v){return "$k='$v'";},$clause)) . " ";
}
echo "For option=$option, suboption=$suboption\n";
echo sprintf($query, $where);
echo "\n\n";
}
funtimes(0, 0);
funtimes(1, 0);
funtimes(0, 1);
funtimes(1, 1);
<强>输出
For option=0, suboption=0
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER ORDER BY Ac_code, Prod_desc
For option=1, suboption=0
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='1' ORDER BY Ac_code, Prod_desc
For option=0, suboption=1
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Prod_desc='1' ORDER BY Ac_code, Prod_desc
For option=1, suboption=1
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='1', Prod_desc='1' ORDER BY Ac_code, Prod_desc
现在你有了正确的查询,所以只需执行它。
答案 2 :(得分:1)
是的,代码可以清理,但是对于你的代码,如果输入是数字和文本,如果0表示没有选项,空字符串表示没有选项(这看起来像你在做什么),那么替换条件
if ($option==0 && $suboption==0)
to
if ($empty(option) && empty($suboption))
同样如此。
我会写这样的代码
$qry = 'SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER';
$where = ' WHERE ';
$post = ' ORDER BY Ac_code, Prod_desc';
$clause = '';
if(!empty($option))
{
$clase = $where . " Ac_code='$option'";
$where = " AND ";
}
if(!empty($suboption))
{
$clase = $where . " Prod_desc='$suboption'";
}
答案 3 :(得分:0)
虽然我同意DhruvPathak,但这里的代码已经清理了一下。切换可能不是最佳选择,因为您正在比较两件事,而不仅仅是一件事。
//initialize variables
$option = $suboption = 0;
// get option values
//...your code here...
$sql = "SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER";
if ($option!=0 && $suboption==0) {
$sql .= " WHERE Ac_code='$option'";
}
elseif($option==0 && $suboption!=0) {
$sql .= " WHERE Prod_desc='$suboption'";
}
elseif($option!=0 && $suboption!=0) {
$sql .= " WHERE Ac_code='$option' AND Prod_desc='$suboption'";
}
$sql .= " ORDER BY Ac_code, Prod_desc";
$dc = mysql_query($sql);
请注意,如果您通过GET或POST获取选项和子选项值,则这些查询对SQL注入攻击是开放的。还有更好的方法来进行数据提取。
根据您的反馈,这有效吗?
$sql = "SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER";
if ($option!=0) {
$sql .= " WHERE Ac_code='$option'";
if ( (int)$suboption >= 0 || strlen($suboption) > 1)
$sql .= " AND Prod_desc='$suboption'";
}
elseif($option==0 && ((int)$suboption >= 0 || strlen($suboption) > 1) ) {
$sql .= " WHERE Prod_desc='$suboption'";
}
$sql .= " ORDER BY Ac_code, Prod_desc";