我正在尝试创建一个我可以在select语句中使用的字符串,该字符串包含从另一个页面序列化的3个多值。例如:
$FullName1 = implode("' OR FullName = '", $_POST['FullName']);
$FullName2 = "FullName = '" . $FullName1;
$FullName0 = $FullName2 . "' ";
echo $FullName0;
给我“FullName ='Joe Dirt'或FullName ='John Doe' , $ ProjectType1 = implode(“'OR ProjectType ='”,$ _POST ['ProjectType']); $ ProjectType2 =“ProjectType ='”。 $ ProjectType1; $ ProjectType0 = $ ProjectType2。 “'”;
echo $ProjectType0;
给我“ProjectType ='客户见面'或ProjectType ='ESN Change'” ,和
$Company1 = implode("' OR Company = '", $_POST['Company']);
$Company2 = "Company = '" . $Company1;
$Company0 = $Company2 . "' ";
echo $Company0;
给我“Company ='Acme'OR Company ='Airgas'”
我想要做的是将这三个安排成类似
的东西“$string =
Company = 'Acme' AND ProjectType = 'Customer Meetings' AND FullName = 'Joe Dirt'
OR
Company = 'Acme' AND ProjectType = 'Customer Meetings' AND FullName = 'John Doe'
OR
Company = 'Acme' AND ProjectType = 'ESN Change' AND FullName = 'Joe Dirt'
OR
Company = 'Acme' AND ProjectType = 'ESN Change' AND FullName = 'John Doe'
OR
Company = 'Airgas' AND ProjectType = 'Customer Meetings' AND FullName = 'Joe Dirt'
OR
Company = 'Airgas' AND ProjectType = 'Customer Meetings' AND FullName = 'John Doe'
OR
Company = 'Airgas' AND ProjectType = 'ESN Change' AND FullName = 'Joe Dirt'
OR
Company = 'Airgas' AND ProjectType = 'ESN Change' AND FullName = 'John Doe'
OR
"
所以我可以运行像
这样的声明"SELECT * FROM Tracker WHERE ID > 0 AND $string ORDER BY Created DESC"
另外,如果有更简单的方法,我就是为了它!感谢。
答案 0 :(得分:0)
首先,使用这样的输入:
<input type="text" name="s[]" value="s1" />
<input type="text" name="s[]" value="s2" />
<input type="text" name="s[]" value="" />
$ _REQUEST / $ _ POST / $ _ GET中的数据如下所示:
$_REQUEST["s"] = array("s1","s2",""); // attention: order may vary
所以你想要做的是:剥离空值并修剪结果:
$trimmed = array_map("trim",$_REQUEST["s"]); // all values are trimmed
$cleaned = array_filter($trimmed); // all empty strings were left out
所以现在你有一个只有有效值的数组。
所以你像这样写你的过滤字符串:使用SQL&#34; in&#34;运算符(see docu)
// I assume you have an array of filters called $filters
// I assume you have an SQL connection object called $db - @link http://www.php.net/manual/en/book.mysqli.php for details
// I assume you are familiar with protection methods against SQL injections like mysqli::real_escape_string
if ( count($cleaned) )
{
$escaped = array_map(array($db, "real_escape_string"), $cleaned);
$filters[] = "FullName in ('". implode("','", $escaped) ."')";
}
如果您已完成所有过滤器,则可以像这样编写查询:
$qry = "select x from y". ( count($filters) ? " where ". implode(" and ", $filters) : "" ) ." order by z desc" ;
您可以重复所描述的技术来获得类似的字符串
select * from Tracker where Company in ('Acme','Airgas') and ProjectType in ('Customer Meetings','ESN Change') and FullName in ('John Doe','Joe Dirt') order by Created desc
另一个提示:您可以将这种技术用于数组键中的名称,也可以用于复选框或多选字段
<input type="checkbox" name="x[1]" value="a"/>
<input type="checkbox" name="x[2]" value="b"/>
<input type="checkbox" name="x[3]" value="c"/>
<select name="y[]" multiple>
<option value="volvo">Volvo</option>
<option value="saab">Saab</option>
<option value="opel">Opel</option>
<option value="audi">Audi</option>
</select>
有了这些知识,您应该能够根据需要调整代码,编写一些非常小的函数来使代码整洁并始终记住:注意SQL注入。
整个代码未经测试。写它只是为了让你知道该怎么做