我有7个搜索参数,但下面的代码只显示了两个,标题和类型。
我们希望让我们的用户能够搜索7个参数中的任何一个。
他们也应该能够通过多个参数进行搜索。
我如何调整下面的代码以使用动态$ where子句?
例如,用户可以选择类型='某些值'。
用户还应该能够选择类型='某些值'和title ='某些价值'。
提前谢谢。
function ms_escape_string($data) {
if ( !isset($data) or empty($data) ) return '';
if ( is_numeric($data) ) return $data;
$non_displayables = array(
'/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
'/%1[0-9a-f]/', // url encoded 16-31
'/[\x00-\x08]/', // 00-08
'/\x0b/', // 11
'/\x0c/', // 12
'/[\x0e-\x1f]/' // 14-31
);
foreach ( $non_displayables as $regex )
$data = preg_replace( $regex, '', $data );
$data = str_replace("'", "''", $data );
return $data;
}
$strprojectTitle = null;
$strbidType = null;
if(isset($_POST["projectTitle"]))
{
$strprojectTitle = $_POST["projectTitle"];
}
if(isset($_POST["BidType"]))
{
$strbidType = $_POST["BidType"];
}
?>
<?php
$sql = "Select b.ID,convert(char(10),b.BidDate,101) BidDate,convert(char(10),
b.DueDate,101)DueDate,b.BidTitle,b.DueTime,b.BidID,BidIDFile,
d.Department,b.BidType,CASE WHEN b.AwardDate ='01/01/1900' Then NULL ELSe convert(char(10),b.AwardDate,101)END AS AwardDate,
convert(char(10),b.LastUpdate,101) LastUpdate,s.Status
FROM bids b inner join dept d on b.Department=d.DeptID inner join Status s on b.BidStatus=s.StatusId WHERE b.BidTitle = ' . ms_escape_string($strprojectTitle) . ' OR b.BidType = ' . ms_escape_string($strbidType) . ' ";
/// ****最新尝试
$fields = array(
'projectTitle' => 'b.BidTitle',
'BidType' => 'b.BidType'
);
$where = array();
foreach($fields as $fieldPost => $fieldDb) {
if(isset($_POST[$fieldPost]) && strlen($_POST[$fieldPost]) > 0) {
$where[] = "`$fieldDb` = '$_POST[$fieldPost]'";
}
}
$sql = "Select b.ID,convert(char(10),b.BidDate,101) BidDate,convert(char(10),
b.DueDate,101)DueDate,b.BidTitle,b.DueTime,b.BidID,BidIDFile,
d.Department,b.BidType,CASE WHEN b.AwardDate ='01/01/1900' Then NULL ELSe convert(char(10),b.AwardDate,101)END AS AwardDate,
convert(char(10),b.LastUpdate,101) LastUpdate,s.Status
FROM bids b inner join dept d on b.Department=d.DeptID inner join Status s on b.BidStatus=s.StatusId
" . ( count($where) > 0 ? " WHERE " . implode(' AND ', $where) : "" );
答案 0 :(得分:0)
在代码中删除此部分:
$strprojectTitle = null;
$strbidType = null;
if(isset($_POST["projectTitle"]))
{
$strprojectTitle = $_POST["projectTitle"];
}
if(isset($_POST["BidType"]))
{
$strbidType = $_POST["BidType"];
}
并将其替换为下面的一个,这样可以动态地构建WHERE条件:
## easily add here the fields you have
$fields = array(
'projectTitle' => 'b.BidTitle',
'BidType' => 'b.BidType'
);
$where = array();
foreach($fields as $fieldPost => $fieldDb) {
if(isset($_POST[$fieldPost]) && strlen($_POST[$fieldPost]) > 0) {
$where[] = "`$fieldDb` = '" . ms_escape_string($_POST[$fieldPost]) . "'";
}
}
## Use the $where array in your final SQL query
## important to test if count($where) > 0 in case no search has been made
$sql = "SELECT ..... " . ( count($where) > 0 ? " WHERE " . implode(' AND ', $where) : "" );
通过支持多种搜索类型(例如搜索比较器:LIKE%..%和=)来构建WHERE字符串的更高级示例
## support multiple search comparators
$fields = array(
'projectTitle' => array('field' => 'b.BidTitle', 'searchType' => 'like'),
'BidType' => array('field' => 'b.BidType', 'searchType' => 'equal')
);
$where = array();
foreach($fields as $fieldPost => $field) {
if(isset($_POST[$fieldPost]) && strlen($_POST[$fieldPost]) > 0) {
if($field['searchType'] == 'like') {
$where[] = "`".$field['field']."` LIKE '%" . ms_escape_string($_POST[$fieldPost]) . "%'";
} else {
$where[] = "`".$field['field']."` = '" . ms_escape_string($_POST[$fieldPost]) . "'";
}
}
}