我的网站有动态查询(用于搜索功能)。它动态地基于用户输入构建查询。
$query = "SELECT * FROM talents WHERE ";
if(!empty($_POST['firstName'])){
$query = $query . "firstName = '" . $_POST['firstName'] . "' AND ";
}
if(!empty($_POST['lastName'])){
$query = $query . "lastName = '" . $_POST['lastName'] . "' AND ";
}
if(!empty($_POST['gender'])){
$query = $query . "gender = '" . $_POST['gender'] . "' AND ";
}
if(!empty($_POST['eyeColor'])){
$query = $query . "eyeColor = '" . $_POST['eyeColor'] . "' AND ";
}
if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] != "High"){
$query = $query . "height BETWEEN '" . $_POST['heightLow'] . "' AND '" . $_POST['heightHigh'] . "' AND ";
}else if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] == "High"){
$query = $query . "height = '" . $_POST['heightLow'] . "' AND ";
}
if(!empty($_POST['hairColor'])){
$query = $query . "hairColor = '" . $_POST['hairColor'] . "' AND ";
}
if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] != "High"){
$query = $query . "weight BETWEEN '" . $_POST['weightLow'] . "' AND '" . $_POST['weightHigh'] . "' AND ";
}else if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] == "High"){
$query = $query . "weight = '" . $_POST['weightLow'] . "' AND ";
}
if(!empty($_POST['dressSize'])){
$query = $query . "dressSize = '" . $_POST['dressSize'] . "' AND ";
}
if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] != "High"){
$query = $query . "chest BETWEEN '" . $_POST['chestLow'] . "' AND '" . $_POST['chestHigh'] . "' AND ";
}else if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] == "High"){
$query = $query . "chest = '" . $_POST['chestLow'] . "' AND ";
}
if(!empty($_POST['shoeSize'])){
$query = $query . "shoeSize = '" . $_POST['shoeSize'] . "' AND ";
}
if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] != "High"){
$query = $query . "waist BETWEEN '" . $_POST['waistLow'] . "' AND '" . $_POST['waistHigh'] . "' AND ";
}else if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] == "High"){
$query = $query . "waist = '" . $_POST['waistLow'] . "' AND ";
}
if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] != "High"){
$query = $query . "hips BETWEEN '" . $_POST['hipsLow'] . "' AND '" . $_POST['hipsHigh'] . "' ";
}else if($_POST['hipsLow'] != "Low" && $_POST['hipsigh'] == "High"){
$query = $query . "hips = '" . $_POST['hipsLow'] . "' ";
}
首先,忽略冗长的性质 - 这是一个工作的阿尔法。漂亮的代码之后。其次,High和Low变量引用了远程搜索(例如5'3和5'9之间的高度)。
这是我的问题; AND!我拥有它的方式,如果有hips输入的东西,它将起作用,除了它错误输出。但是,不可能预测用户将停止的位置。
这是一个非常常见的功能,我很惊讶这在互联网上找不到。有什么快速的想法吗?
答案 0 :(得分:4)
将您的条件保存为array,而不是string,如此
$query = array();
$query[] = "weight = '" . $_POST['weightLow'];
和implode与AND。
$final_query = implode(' AND ', $query);
答案 1 :(得分:1)
我有一个想法,清理你的输入。不要在查询中直接传递$ _POST ['xxx']。
在至少处,将其包装在mysql_real_escape_string()中。不过,你最好使用PHP的PDO。
逃跑后,它会开始工作。您可能还想考虑$query = rtrim($query, "AND") - 然后继续在查询结束时加上“AND”。
示例(未测试):
$query = "SELECT * FROM talents WHERE ";
if(!empty($_POST['firstName'])){
$query = $query . "firstName = '" . mysql_real_escape_string($_POST['firstName']) . "' AND ";
}
if(!empty($_POST['lastName'])){
$query = $query . "lastName = '" . mysql_real_escape_string($_POST['lastName']) . "' AND ";
}
if(!empty($_POST['gender'])){
$query = $query . "gender = '" . mysql_real_escape_string($_POST['gender']) . "' AND ";
}
if(!empty($_POST['eyeColor'])){
$query = $query . "eyeColor = '" . mysql_real_escape_string($_POST['eyeColor']) . "' AND ";
}
if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] != "High"){
$query = $query . "height BETWEEN '" . mysql_real_escape_string($_POST['heightLow']) . "' AND '" . mysql_real_escape_string($_POST['heightHigh']) . "' AND ";
}else if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] == "High"){
$query = $query . "height = '" . mysql_real_escape_string($_POST['heightLow']) . "' AND ";
}
if(!empty($_POST['hairColor'])){
$query = $query . "hairColor = '" . mysql_real_escape_string($_POST['hairColor']) . "' AND ";
}
if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] != "High"){
$query = $query . "weight BETWEEN '" . mysql_real_escape_string($_POST['weightLow']) . "' AND '" . mysql_real_escape_string($_POST['weightHigh']) . "' AND ";
}else if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] == "High"){
$query = $query . "weight = '" . mysql_real_escape_string($_POST['weightLow']) . "' AND ";
}
if(!empty($_POST['dressSize'])){
$query = $query . "dressSize = '" . mysql_real_escape_string($_POST['dressSize']) . "' AND ";
}
if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] != "High"){
$query = $query . "chest BETWEEN '" . mysql_real_escape_string($_POST['chestLow']) . "' AND '" . mysql_real_escape_string($_POST['chestHigh']) . "' AND ";
}else if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] == "High"){
$query = $query . "chest = '" . mysql_real_escape_string($_POST['chestLow']) . "' AND ";
}
if(!empty($_POST['shoeSize'])){
$query = $query . "shoeSize = '" . mysql_real_escape_string($_POST['shoeSize']) . "' AND ";
}
if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] != "High"){
$query = $query . "waist BETWEEN '" . mysql_real_escape_string($_POST['waistLow']) . "' AND '" . mysql_real_escape_string($_POST['waistHigh']) . "' AND ";
}else if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] == "High"){
$query = $query . "waist = '" . mysql_real_escape_string($_POST['waistLow']) . "' AND ";
}
if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] != "High"){
$query = $query . "hips BETWEEN '" . mysql_real_escape_string($_POST['hipsLow']) . "' AND '" . mysql_real_escape_string($_POST['hipsHigh']) . "' AND";
}else if($_POST['hipsLow'] != "Low" && $_POST['hipsigh'] == "High"){
$query = $query . "hips = '" . mysql_real_escape_string($_POST['hipsLow']) . "' AND";
}
$query = rtrim($query, "AND");