我有以下数组,我想将它们中的每一个转换为单独的字符串。换句话说,将阵列分成几个部分。
$formatsArray = $_POST['formats'];
$topicsArray = $_POST['topics'];
这是因为我想在以下查询中包含单个字符串"
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format LIKE '%".$formats."%'";
$run_query = mysqli_query($con, $resources);
这是因为格式需要一个单独的字符串进行比较,比如让我们假设数组是["video", "blogs", "articles"],如果要将格式与video,blogs,articles进行比较,它就不会起作用,而是视频,博客或文章。
我希望这是明确的,如有任何澄清,请提供建议。
一切顺利,
更新
$formats = explode(',', $formatsArray);
$topics = explode(',', $topicsArray);
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format LIKE '%".$formats."%' AND topic LIKE '%".$topics."%' ";
更新
$run_query = mysqli_query($con, $resources);
while($row = mysqli_fetch_array($run_query)) {
$data[] = array(
'format' => $row['format'],
'title' => $row['title'],
'costs' => $row['cost'],
'stage' => $row['stage'],
'topic' => $row['topic'],
'link' => $row['link']
);
}
更新
include('db.php');
$query = 'select * from resources where ';
$query .= 'stage LIKE :stage and';
$execute[':stage'] = '%' . $stage . '%';
if(!empty($_POST['formats'])){
foreach($_POST['formats'] as $key => $format) {
$query .= 'format LIKE :format' . $key . ' and ';
$execute[':format' . $key] = '%' . trim($format) . '%';
}
}
if(!empty($_POST['topics'])){
foreach($_POST['topics'] as $key => $topic) {
$query .= 'topic LIKE :topic' . $key . ' and ';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
}
$query = rtrim($query, ' and ');
if(!empty($execute)) {
$stmt = $con->prepare($query);
$stmt->execute($execute);
} else {
echo 'You must search for something';
}
while($row = mysqli_fetch_array($query)) {
$data[] = array(
'format' => $row['format'],
'title' => $row['title'],
'costs' => $row['cost'],
'stage' => $row['stage'],
'topic' => $row['topic'],
'link' => $row['link']
);
}
答案 0 :(得分:1)
无视准备好的陈述的必要性,你可以这样做:
$formats = implode('","', $formatsArray);
$topics = implode('","', $topicsArray);
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format IN(".$formats.") AND topic IN(\"".$topics."\") ";
当你"每个数组时,在每个,之前和之后添加implode,你的数组就会变得如此。
video","blogs","articles
因此,我们需要将"添加到每个IN列表的开头和结尾。这将使最终查询如下:
select * from resources where
stage LIKE '%".$stage."%'
AND format IN("video","blogs","articles") AND ...
答案 1 :(得分:1)
我认为这样做会。这也将通过使用准备好的陈述解决注入漏洞。
$query = 'select * from resources where ';
if(!empty($_POST['formats'])){
foreach($_POST['formats'] as $key => $format) {
$query .= 'stage LIKE :stage' . $key . ' or ';
$execute[':stage' . $key] = '%' . trim($format) . '%';
}
}
if(!empty($_POST['topics'])){
foreach($_POST['topics'] as $key => $topic) {
$query .= 'topic LIKE :topic' . $key . ' or ';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
}
$query = rtrim($query, ' or ');
if(!empty($execute)) {
echo $query;
print_r($execute);
//$stmt = $mysqli->prepare($query);
//$stmt->execute($execute);
} else {
echo 'You must search for something';
}
为您提供
的查询select * from stage LIKE:stage0或stage LIKE:stage1或topic LIKE:topic0或topic LIKE:topic1或topic LIKE:topic2或topic LIKE:topic3
和绑定值:
Array
(
[:stage0] => %test%
[:stage1] => %test1%
[:topic0] => %value1%
[:topic1] => %value2%
[:topic2] => %value3%
[:topic3] => %value4%
)
这是我认为数据配对时的初始代码。
foreach($formats as $key => $format) {
$topic = $topics[$key];
$query .= '(stage LIKE :stage' . $key . ' and topic LIKE :topic' . $key . ') or ';
$execute[':stage' . $key] = '%' . trim($format) . '%';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
准备好的陈述的一些链接:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli-stmt.execute.php