我正在使用HTML选择输入,启用了多个选项,我正在查看所选选项并尝试处理我的SQL ...但是,我收到来自SQL的警告告诉我,如果我的选择语句是的,我应该使用“SET SQL_BIG_SELECTS = 1”,因为JOIN超过限制?
这是我的疑问:
"
SELECT wposts.*, wpostmeta.*
FROM $wpdb->posts wposts, $wpdb->postmeta wpostmeta, $wpdb->postmeta wpostmeta2, $wpdb->postmeta wpostmeta3
WHERE wposts.ID = wpostmeta.post_id
AND wposts.ID = wpostmeta2.post_id
AND wposts.ID = wpostmeta3.post_id
AND wpostmeta.meta_key = 'listing_subtype'
AND wpostmeta.meta_value = '$search_home_type'
AND wpostmeta2.meta_key = 'map_area'
AND ";
$count = 0;
foreach ($params['search_map_area'] as $map_area) :
if ( $count != 0 ) :
$querystr .= "OR ";
endif;
$querystr .= "wpostmeta2.meta_value = '$map_area' ";
$count++;
endforeach;
$querystr .= "AND wpostmeta3.meta_key = 'price_current'
AND wpostmeta3.meta_value BETWEEN $search_price_min AND $search_price_max
AND wposts.post_status = 'publish'
AND wposts.post_type = 'vreb_property'
ORDER BY wposts.post_date DESC
LIMIT 0, 20
";
有更好的方法来查询吗?这是多个OR wpostmeta2.meta_value = '$map_area'似乎导致我的脚本超时...
答案 0 :(得分:0)
FROM $wpdb->posts wposts,
INNER JOIN $wpdb->postmeta wpostmeta ON wposts.ID = wpostmeta.post_id
INNER JOIN $wpdb->postmeta wpostmeta2 ON wposts.ID = wpostmeta2.post_id
INNER JOIN $wpdb->postmeta wpostmeta3 ON wposts.ID = wpostmeta3.post_id
WHERE ...
使用JOIN ... ON可能比在WHERE类中拥有所有ID关系更受欢迎。
你应该真正使用参数化查询,所以你不要打开自己的SQL注入,因为它似乎没有正确地转义你使用的任何字符串。 http://www.php.net/manual/en/mysqli.real-escape-string.php
但如果您在私人/内部应用程序和安全方面的工作被诅咒......
$temp = "'" . implode("','", $params['search_map_area']) . "'";
if($temp != "''")
$querystr .= "wpostmeta2.meta_value IN ($temp)";
else
$querystr .= " 1=1 ";
使用IN关键字而不是多个“OR col ='val'”也是首选。