我想使用带有pdo语句的简单过滤器。以前我使用的是以下代码。
$sql = "select * from cities where 1 ";
$city = $_REQUEST['city_name'];
if($city!=""){
$sql = $sql. " and name ='".$city."'";
}
$country = $_REQUEST['country_name'];
if($country!=""){
$sql = $sql. " and country_name ='".$country."'";
}
$result= mysql_query($sql);
如果名称或国家/地区名称未来,我想使用过滤器,它应显示所有结果,如果选择名称,则只会出现城市名称结果。如果选择了国家/地区,则国家/地区将适用,否则国家/地区过滤器将不适用。
现在我想和pdo预处理语句一起使用,但我没有得到如何创建它。
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
答案 0 :(得分:2)
试试这个。 $dynamic_fields必须包含键中的mysql字段名称和值中的输入名称:
// mysql_fileld_name => request_key_name
$dynamic_fields = array(
'name' => 'city_name',
'country_name' => 'country_name'
);
$field_values = array();
foreach ($dynamic_fields as $mysql_fname => $input_fname) {
if (!empty($_REQUEST[ $input_fname ])) {
$sql .= ' AND `' . $mysql_fname . '` = :' . $mysql_fname;
$field_values[ ':' . $mysql_fname ] = $_REQUEST[ $input_fname ];
}
}
$pdo = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$statement = $pdo->prepare($sql);
$statement->execute($field_values);
$result = $statement->fetchAll();
答案 1 :(得分:1)
试试这样:
$arr = array();
$sql = "select * from cities where 1 ";
$city = $_REQUEST['city_name'];
if($city!=""){
$sql .= " and name = :name";
$arr[] = ":name => $city";
}
$country = $_REQUEST['country_name'];
if($country!=""){
$sql .= " and country_name = :country";
$arr[] = ":country => $country";
}
$db = new PDO(DSN, user, password);//set correct db credential
$objStaement = $db->prepare($sql);
//if ($city) $objStaement->bindValue(':name',$city);
//if ($country) $objStaement->bindValue(':country',$country);
$objStaement->execute($arr);
$objStaement->closeCursor();
答案 2 :(得分:0)
试试这个:(特别为您编辑)...现在所有绑定都在一个if if / elseif语句中进行。更多的代码,但也许更快一点点。
$name = $_REQUEST['city_name'];
$country_name = $_REQUEST['country_name'];
$dsn = 'mysql:host=localhost;dbname=your_db';
$db_user = 'username';
$db_password = 'password';
$db = new PDO($dsn, $db_user, $db_password);
if ($name && $country_name) {
$query = 'SELECT * FROM cities WHERE name = :name AND country_name = :country_name';
$statement = $db->prepare($query);
$statement->bindValue(':name',$name);
$statement->bindValue(':country_name',$country_name);
} elseif ($name) {
$query = 'SELECT * FROM cities WHERE name = :name';
$statement = $db->prepare($query);
$statement->bindValue(':name',$name);
} elseif ($country_name) {
$query = 'SELECT * FROM cities WHERE country_name = :country_name';
$statement = $db->prepare($query);
$statement->bindValue(':country_name',$country_name);
} else {
$query = 'SELECT * FROM cities';
$statement = $db->prepare($query);
}
$statement->execute();
$statement->closeCursor();
答案 3 :(得分:0)
您可以以同样的方式进行查询。但要执行查询,请使用
$db = new PDO(your information...);
$stmt = $db->prepare($sql);<--your query is $sql
$stmt->execute();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC); //use this to get associative array
$results = $stmt->fetchAll(PDO::FETCH_OBJ); //use this to get objects
$results = $stmt->fetchAll(PDO::FETCH_NUM); //use this for a regular array
有关抓取样式here的更多信息。您可能还想了解参数化查询PDOStatement::bindParam