最佳,
我是忙着制作一个网站,但有一件事让我感到震惊...... 我必须做一个真正的长搜索查询,我已经制作了这个PHP代码:
if($_GET['genre']) {
echo 'SELECT * FROM movies WHERE `genre1` = ';
foreach($_GET['genre'] as $genre)
{
$genres = array( "Actie", "Animatie", "Avontuur", "Documentaire", "Drama", "Erotiek", "Familie", "Fantasy", "Film", "Horror", "Komedie", "Misdaad", "Muziek", "Mystery", "Oorlog", "Roadmovie", "Romantiek", "Sciencefiction", "Thriller", "Western" );
if (!in_array($genre, $genres))
{
header('location: ?error=1');
}
echo " '".$genre."' OR `genre2` = '".$genre."'"; if(end($_GET['genre']) !== $genre)
{
echo ' OR `genre1` = ';
}
}
echo " AND `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';";
}
else
{
echo "SELECT * FROM movies WHERE `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';";
}
在这样的网址上:
127.0.0.1/querygenerator.php?genre%5B3%5D=Avontuur&genre%5B4%5D=Documentaire&genre%5B6%5D=Erotiek&year1=1900&year2=2014
它输出的内容如下:
SELECT * FROM movies WHERE `genre1` = 'Avontuur' OR `genre2` = 'Avontuur' OR `genre1` = 'Documentaire' OR `genre2` = 'Documentaire' OR `genre1` = 'Erotiek' OR `genre2` = 'Erotiek' AND `year` > '1900' AND `year` < '2014';
所以,我的问题是,我怎样才能将这一整个PHP变量,所以我可以运行查询?
我可以使用file_get_contents执行此操作,但我认为这不太安全。
谢谢! - 卡里姆
答案 0 :(得分:0)
只是连接到一个字符串rater而不是echoing:
if($_GET['genre']) {
$sql = 'SELECT * FROM movies WHERE `genre1` = ';
foreach($_GET['genre'] as $genre) {
$genres = array( "Actie", "Animatie", "Avontuur", "Documentaire", "Drama", "Erotiek", "Familie", "Fantasy", "Film", "Horror", "Komedie", "Misdaad", "Muziek", "Mystery", "Oorlog", "Roadmovie", "Romantiek", "Sciencefiction", "Thriller", "Western" );
if (!in_array($genre, $genres)) {
header('location: ?error=1');
die();
}
$sql = $sql . " '".$genre."' OR `genre2` = '".$genre."'";
if(end($_GET['genre']) !== $genre) {
$sql = $sql . ' OR `genre1` = ';
}
}
$sql = $sql . " AND `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';";
} else {
$sql = "SELECT * FROM movies WHERE `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';";
}
echo $sql;