用php动态生成mysql查询

时间:2013-06-27 01:44:25

标签: php mysql

我正在尝试学习如何根据用户选择填充数据的表单字段动态生成mysql查询。为了使学习过程尽可能简单,我使用了一个简单的表单,其中包含用户名和姓的字段。代码的基本(非动态)版本如下:

<html>
<head>

<title>Untitled</title>

</head>
<body>

<form method="post" name="test" action="dynamic_search.php">
<input type="text" name="first_name">
<input type="text" name="last_name">
<input type="submit" value="Submit">

</form>

<?php

$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];

include "link.php";

$query = "SELECT * FROM members " .
     "WHERE first_name = '$first_name' " .
     "AND last_name = '$last_name' ";

$result = mysql_query($query) 
or die(mysql_error());

$row = mysql_fetch_array($result);
$member_id = $row['member_id'];
$member_first_name = $row['first_name'];
$member_last_name = $row['last_name'];

echo $member_id;
echo $member_first_name;
echo $member_last_name;

?>
</body>
</html>

我需要做的是根据提交的数据生成查询。因此,如果用户只输入他们的名字,则查询将显示为:

$query = "SELECT * FROM members " .
     "WHERE first_name = '$first_name' ";

但是如果用户同时输入他们的名字和姓氏,则查询将显示为:

$query = "SELECT * FROM members " .
     "WHERE first_name = '$first_name' " .
     "AND last_name = '$last_name' ";

任何帮助(或者如果有人能指出我指向一个好的教程)将不胜感激!

谢谢!

3 个答案:

答案 0 :(得分:1)

您可以使用PHP检查输入并在必要时附加到查询。

$query = "SELECT * FROM members ";
$query .= "WHERE first_name = '$first_name' ";
if($last_name!="")
    $query .="AND last_name = '$last_name' ";

请记住使用real_escape_string

来转义字符串 
$first_name = mysql_real_escape_string($_POST['first_name']);

如果您想检查名字:

$query = "SELECT * FROM members ";
if($first_name!=""){
    $query .= "WHERE first_name = '$first_name' ";
    if($last_name!="")
        $query .="AND last_name = '$last_name' ";
}
else{
    if($last_name!="")
        $query .="WHERE last_name = '$last_name' ";
}

答案 1 :(得分:1)

首先,don't use mysql_* functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDOMySQLi - this article将帮助您确定哪个。如果您选择PDO,here is a good tutorial。 (Credit

第二,caution to always escape user input being included in an SQL statement。准备好的语句会自动为您处理。

话虽如此,你所追求的PHP逻辑是这样的:

<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

$first_name = $mysqli->real_escape_string($_POST['first_name']);
$last_name  = $mysqli->real_escape_string($_POST['last_name']);

$sql = "SELECT * FROM members WHERE 1";
if (! empty($first_name)) {
    $sql .= " AND first_name = '$first_name'";
}
if (! empty($last_name)) {
    $sql .= " AND last_name = '$last_name'";
}

答案 2 :(得分:0)

因此,如果您想基于表单条目生成MySQL查询,则可以在下面查看此函数生成器:

Php Sql查询生成器

https://github.com/nilportugues/php-sql-query-builder

这使您可以获取表单结果及其字段名称(或ID),并将其编码到查询生成器中,以生成所需的查询!

一点建议是确保字段名称与表列名称匹配。这将使您的过程更加无缝。

例如。在您的情况下(假设您的列名与表单名匹配,并且表被命名为“成员”):

git merge-file -p --diff3 ours base theirs

这将输出:

<?php
use NilPortugues\Sql\QueryBuilder\Builder\GenericBuilder;

$builder = new MySqlBuilder(); // <-- use MySqlBuilder

$query = $builder->select()
    ->setTable('members')
    ->setColumns(['first_name','last_name','email']); // <-- Form names
     
echo $builder->write($query);  
?>

哇!

您可以在开发人员的GitHub页面上生成许多复杂的查询。

相关问题
最新问题