我正在尝试按照引用来回答,但不确定应如何编写:
empty()认为'0'为空,所以$ p_student = 空($ _ POST [ “学生”]) '':$ _ POST [ “学生”]; $ p_student是真的 $ _POST [“student”]为'0'...因此,下面的情况总是如此 'default',所以你应该将$ p_student设置为'0',如果为空()和 它应该没问题......我想...(这对于$ p_student和 $ p_question当然......)
我已经设置了一个案例陈述来匹配上面的例子,但我的问题是如何根据上面的例子编写$ p_student?
我的尝试:
// Check whether a specific student was selected
$p_student = empty($_POST["student"])?'0':$_POST["student"];
switch($p_student){
case -1:
//dont' add where filters
break;
default:
$where[] = 'sa.StudentId = ?';
$parameters[] .= $_POST["student"];
$parameterTypes .= 'i';
}
更新:
我试图做的是,如果All选项,则执行case -1,否则执行default。我做错了什么,因为这就是我在下拉值上提出这个问题的原因:
学生:
<select name="student" id="studentsDrop">
<option value="-1">All</option>
<option value="39">Luke Mcfadzen</option>
<option value="40">Chris Tucker</option>
</select>
问题:
<select name="question" id="questionsDrop">
<option value="-1">All</option>
<option value="72">1</option>
<option value="73">2</option>
</select>
动态where子句是我试图取决于用户是否选择所有学生或个别学生和所有问题或个别问题..如果个人然后查找学生使用where子句和相同的问题,如果所有学生然后因为我们不寻找特定的学生,所以不需要学生的条件,这对于问题也是一样的。该查询具有q.SessionId = ?
我收到错误声明:
$selectedstudentanswerqry = "
SELECT
sa.StudentId, StudentAlias, StudentForename, ...
FROM Student st
...
";
// Initially empty
$where[] = "q.SessionId = ?";
$parameters[] = $_POST["session"];
$parameterTypes = 'i';
//check if POST is empty
// Check whether a specific student was selected
//LINE 345 ERROR
$student_id = (isset($_POST['student'])) ? $mysqli->real_escape_string(trim($_POST['student'])) : null ;
if (is_numeric($student_id)){ //If student ID is a numeric value
$where[] = "sa.StudentId = ?" ;
$parameters[] = ((int)$student_id == -1) ? "sa.StudentId" : $student_id ;
$parameterTypes .= "i" ;
}
// Check whether a specific question was selected
$question_id = (isset($_POST['question'])) ? $mysqli->real_escape_string(trim($_POST['question'])) : null ;
if (is_numeric($question_id)){ //If student ID is a numeric value
$where[] = "q.QuestionId = ?" ;
$parameters[] = ((int)$question_id == -1) ? "q.QuestionId" : $question_id ;
$parameterTypes .= "i" ;
}
// If we added to $where in any of the conditionals, we need a WHERE clause in
// our query
if(!empty($where)) {
$selectedstudentanswerqry .= ' WHERE ' . implode(' AND ', $where);
global $mysqli;
$selectedstudentanswerstmt=$mysqli->prepare($selectedstudentanswerqry);
// You only need to call bind_param once
if (count($where) == 1) {
$selectedstudentanswerstmt->bind_param($parameterTypes, $parameters[0]);
}
else if (count($where) == 2) {
$selectedstudentanswerstmt->bind_param($parameterTypes, $parameters[0], $parameters[1]);
}
else if (count($where) == 3) {
$selectedstudentanswerstmt->bind_param($parameterTypes, $parameters[0], $parameters[1], $parameters[2]);
}
}
$selectedstudentanswerqry .= "
GROUP BY sa.StudentId, q.QuestionId
ORDER BY StudentAlias, q.SessionId, QuestionNo
";
// get result and assign variables (prefix with db)
$selectedstudentanswerstmt->execute();
$selectedstudentanswerstmt->bind_result(...);
$selectedstudentanswerstmt->store_result();
$selectedstudentanswernum = $selectedstudentanswerstmt->num_rows();
答案 0 :(得分:1)
$p_student = -1;
if(isset($_POST["student"]) && filter_var($_POST["student"], FILTER_VALIDATE_INT) !== FALSE && trim($_POST["student"]) >= 0 ) {
$p_student = $_POST["student"];
}
....
答案 1 :(得分:0)
如果您认为$ _POST [&#39;学生&#39;]有时可能会:
请勿使用empty() ;
选中此(Updated):
$student_id = (isset($_POST['student'])) ? mysqli_real_escape_string($mysqli, trim($_POST['student'])) : null ;
if (is_numeric($student_id)){ //If student ID is a numeric value
$where[] = "sa.StudentId = ?" ;
$parameters[] = ((int)$student_id == -1) ? "sa.Student_id" : $student_id ;
$parameterTypes .= "i" ;
}