如何根据PHP数组更改SQL查询?

时间:2014-08-14 18:42:24

标签: php sql oracle

我有一个引用SQL查询的PHP文件,验证返回的联系人数据是否符合某些标准,然后生成包含所有联系人数据的XML文件。部分查询允许我选择要从中提取数据的国家/地区(例如,将WHERE tbl_vsed_unvalidated.c ='US'添加到美国的末尾)。我一直在做的只是编辑SQL查询以在运行PHP脚本之前选择适当的国家。

我现在正在研究的是一种通过HTML表单选择任何国家/地区的方法,通过POST方法将这些结果存储在PHP数组中,然后动态地对SQL“WHERE”语句进行控制以返回选定的国家。我找到了一种方法来实现这一点,使用$ where变量和implode()方法来添加数组中的所有国家/地区。我遇到的唯一问题是我使用“file_get_contents(SqlQuery.sql)”引用SQL查询。看起来这是引用查询的唯一方法,因为它非常大并且必须包含多个“s”和“s”。

如果已经包含引号和撇号,是否有任何方法可以在PHP中用引号括起SQL查询?以下是我希望它的外观:

$query = " SELECT tbl_vsed_unvalidated.keyuid "UNIQUE ID",tbl_vsed_unvalidated.sn "LAST NAME",
           tbl_vsed_unvalidated.gskpreferredname "FIRST NAME",             
           tbl_vsed_unvalidated.initials "MIDDLE INITIAL",
           tbl_vsed_unvalidated.co "COUNTRY",-- tbl_vsed_unvalidated.preferredlanguage "PREFERRED LANGUAGE",
           tbl_vsed_unvalidated.c "CODE",
           'Business Level 1' AS "CUSTOM LABEL 1",
           tbl_vsed_unvalidated.gskglobalbusinesscategory "CUSTOM VALUE 1", 
           'Business Level 2' AS "CUSTOM LABEL 2", tbl_vsed_unvalidated.o "CUSTOM VALUE 2",
           'Business Level 3' AS "CUSTOM LABEL 3",tbl_vsed_unvalidated.ou "CUSTOM VALUE 3",
           'Department' AS "CUSTOM LABEL 4",tbl_vsed_unvalidated.gskdepartmentname "CUSTOM VALUE 4",
           'Site' AS "CUSTOM LABEL 5",tbl_vsed_unvalidated.l "CUSTOM VALUE 5", 
           'Employee ID' AS "CUSTOM LABEL 6",tbl_vsed_unvalidated.employeenumber "CUSTOM VALUE 6",
           'Resource Type' AS "CUSTOM LABEL 7",tbl_vsed_unvalidated.gskresourcetype  "CUSTOM VALUE 7",
           'Cost Center' AS "CUSTOM LABEL 8",tbl_vsed_unvalidated.departmentnumber "CUSTOM VALUE 8",
           'Office' AS "PHONE LABEL 1",
           null as "PHONE 1 COUNTRY CODE",
           REPLACE(REPLACE(REPLACE(REPLACE(tbl_vsed_unvalidated.telephonenumber,'#',null),'-',null),' ',null),'+',null)
           AS "PHONE 1",             
           NULL as "PHONE EXTENSION 1",
           '2' AS "CASCADE 1",
           'Mobile' AS "PHONE 2 LABEL", 
           null as "PHONE 2 COUNTRY CODE",
           REPLACE(REPLACE(REPLACE(REPLACE(tbl_vsed_unvalidated.mobile,'#',null),'-',null),' ',null),'+',null)
           AS "PHONE 2",             
           NULL as "PHONE EXTENSION 2",
           '1' AS "CASCADE 2",
           'Work' AS "EMAIL LABEL 1", tbl_vsed_unvalidated.mail AS "EMAIL 1",     
           DECODE (null,tbl_vsed_unvalidated.mobile,tbl_vsed_unvalidated.mobile, 
           REPLACE(REPLACE(REPLACE(REPLACE(tbl_vsed_unvalidated.mobile,'#',null),'-',null),' 
    ',null),'+',null)||'@sms.sendwordnow.com') AS "SMS 1"      
                      FROM useradmin.VSED_UNVALIDATED_VW tbl_vsed_unvalidated
        WHERE ((((tbl_vsed_unvalidated.gskresourcetype <> 'Functional')
        OR tbl_vsed_unvalidated.gskresourcetype is null)
        AND (tbl_vsed_unvalidated.c ='US')) 
    ";

而不是:

    $query=file_get_contents(SQLQuery.sql);

这样我就可以在SQL Query的WHERE语句中引用PHP数组。我还应该提到我使用的是Oracle数据库,因此我使用的是oci而不是mysql。

2 个答案:

答案 0 :(得分:0)

您应该使用\

转义字符

答案 1 :(得分:0)

$query = <<<SQL
SELECT tbl_vsed_unvalidated.keyuid "UNIQUE ID",tbl_vsed_unvalidated.sn "LAST NAME",
           tbl_vsed_unvalidated.gskpreferredname "FIRST NAME",             
           tbl_vsed_unvalidated.initials "MIDDLE INITIAL",
           tbl_vsed_unvalidated.co "COUNTRY",-- tbl_vsed_unvalidated.preferredlanguage "PREFERRED LANGUAGE",
           tbl_vsed_unvalidated.c "CODE",
           'Business Level 1' AS "CUSTOM LABEL 1",
           tbl_vsed_unvalidated.gskglobalbusinesscategory "CUSTOM VALUE 1", 
           'Business Level 2' AS "CUSTOM LABEL 2", tbl_vsed_unvalidated.o "CUSTOM VALUE 2",
           'Business Level 3' AS "CUSTOM LABEL 3",tbl_vsed_unvalidated.ou "CUSTOM VALUE 3",
           'Department' AS "CUSTOM LABEL 4",tbl_vsed_unvalidated.gskdepartmentname "CUSTOM VALUE 4",
           'Site' AS "CUSTOM LABEL 5",tbl_vsed_unvalidated.l "CUSTOM VALUE 5", 
           'Employee ID' AS "CUSTOM LABEL 6",tbl_vsed_unvalidated.employeenumber "CUSTOM VALUE 6",
           'Resource Type' AS "CUSTOM LABEL 7",tbl_vsed_unvalidated.gskresourcetype  "CUSTOM VALUE 7",
           'Cost Center' AS "CUSTOM LABEL 8",tbl_vsed_unvalidated.departmentnumber "CUSTOM VALUE 8",
           'Office' AS "PHONE LABEL 1",
           null as "PHONE 1 COUNTRY CODE",
           REPLACE(REPLACE(REPLACE(REPLACE(tbl_vsed_unvalidated.telephonenumber,'#',null),'-',null),' ',null),'+',null)
           AS "PHONE 1",             
           NULL as "PHONE EXTENSION 1",
           '2' AS "CASCADE 1",
           'Mobile' AS "PHONE 2 LABEL", 
           null as "PHONE 2 COUNTRY CODE",
           REPLACE(REPLACE(REPLACE(REPLACE(tbl_vsed_unvalidated.mobile,'#',null),'-',null),' ',null),'+',null)
           AS "PHONE 2",             
           NULL as "PHONE EXTENSION 2",
           '1' AS "CASCADE 2",
           'Work' AS "EMAIL LABEL 1", tbl_vsed_unvalidated.mail AS "EMAIL 1",     
           DECODE (null,tbl_vsed_unvalidated.mobile,tbl_vsed_unvalidated.mobile, 
           REPLACE(REPLACE(REPLACE(REPLACE(tbl_vsed_unvalidated.mobile,'#',null),'-',null),' 
    ',null),'+',null)||'@sms.sendwordnow.com') AS "SMS 1"      
                      FROM useradmin.VSED_UNVALIDATED_VW tbl_vsed_unvalidated
        WHERE ((((tbl_vsed_unvalidated.gskresourcetype <> 'Functional')
        OR tbl_vsed_unvalidated.gskresourcetype is null)
        AND (tbl_vsed_unvalidated.c ='US')) 
SQL;

理论上应该有效(现在不能测试)

相关问题
最新问题