我需要为这3个信息创建过滤功能:用户的类别,价格和折扣,以便将1个信息或任何2个信息一起过滤,或者将所有3个信息一起过滤。
我使用此方法过滤单个信息并成功显示结果,但当我尝试使用此方法过滤任何2或3个信息时,它无法过滤所有内容。
<?php
//filter category only
if (isset($_GET['f_category']) && $_GET['f_category'] != ""){
$f_category = $_GET['f_category'];
$sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'";
}
//filter price only
if (isset($_GET['min_price']) && $_GET['min_price'] != "" && $_GET['max_price'] && $_GET['max_price'] != "") {
$min_price = $_GET['min_price'];
$max_price = $_GET['max_price'];
$sql = "SELECT * FROM post_ads WHERE sup_price>='$min_price' AND sup_price<='$max_price'";
}
// filter discount only
if (isset($_GET['f_discount']) && $_GET['f_discount'] != ""){
$f_discount = $_GET['f_discount'];
$sql = "SELECT * FROM post_ads WHERE sup_discount='$f_discount'";
}
//filter category and price
if (isset($_GET['f_category']) && $_GET['f_category'] != "" || $_GET['min_price'] && $_GET['min_price'] != "" && $_GET['max_price'] && $_GET['max_price'] != ""){
$f_category = $_GET['f_category'];
$min_price = $_GET['min_price'];
$max_price = $_GET['max_price'];
$sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'
AND sup_price>='$min_price' AND sup_price<='$max_price'";
}
//filter category and discount
if (isset($_GET['f_category']) && $_GET['f_category'] != "" || $_GET['f_discount']
&& $_GET['f_discount'] != ""){
$f_category = $_GET['f_category'];
$f_discount = $_GET['f_discount'];
$sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'
AND sup_discount='$f_discount'";
}
if(isset($sql)){
$result = mysql_query($sql, $con1);
while($rows=mysql_fetch_array($result))
{
//display results
}
}?>
我可以知道问题是什么,我该如何解决?
答案 0 :(得分:1)
您可以根据原始条件将每个子句添加到数组中,并在最后将它们组合在一起。
<?php
$clauses=array();
if( isset( $_GET['f_category'] ) && !empty( $_GET['f_category'] ) ){
$clauses[] = "`sup_category` = '{$_GET['f_category']}'";
}
if ( isset( $_GET['min_price'], $_GET['max_price'] ) && !empty( $_GET['min_price'] ) && !empty( $_GET['max_price'] ) ) {
$clauses[]="`sup_price` >= '{$_GET['min_price']}'";
$clauses[]="`sup_price` <= '{$_GET['max_price']}'";
}
if ( isset( $_GET['f_discount'] ) && !empty( $_GET['f_discount'] ) ){
$clauses[]="`sup_discount` = '{$_GET['f_discount']}'";
}
$where = !empty( $clauses ) ? ' where '.implode(' and ',$clauses ) : '';
$sql = "SELECT * FROM `post_ads` " . $where;
echo $sql;
if(isset($sql)){
$result = mysql_query($sql, $con1);
while($rows=mysql_fetch_array($result)){
/*display results*/
}
}
?>
使用此网址运行上述(已编辑的版本)
https://locahost/stack/sql?f_category=bananas&min_price=200&max_price=500&f_discount=32
会产生如下查询:
SELECT * FROM `post_ads` where `sup_category` = 'bananas'
and `sup_price` >= '200' and `sup_price` <= '500' and `sup_discount` = '32'
这一切都说 - 没有关心你的代码非常容易受到sql注入 - 不推荐使用mysql_*函数套件,强烈建议不要使用它们。在进入太深之前,请使用mysqli切换到prepared statements - 避免心痛' - )
答案 1 :(得分:0)
我认为您的网址格式如下:
1&GT; example.com?f_category=test //仅选择f_category过滤器时
2 - ; example.com?f_category=test&min_price=50 //选择f_category和min_price为过滤器时。等等......
因此,您只需将其编码为:
<?php
$querySubString = "1 = 1";
if (isset($_GET['f_category']) && $_GET['f_category'] != ""){
$f_category = $_GET['f_category'];
$querySubString .= " AND sup_category = '$f_category' ";
}
if (isset($_GET['min_price']) && $_GET['min_price'] != ""){
$min_price = $_GET['min_price'];
$querySubString .= "AND sup_price >= '$min_price' ";
}
if (isset($_GET['max_price']) && $_GET['max_price'] != ""){
$max_price = $_GET['max_price'];
$querySubString .= "AND sup_price <= '$max_price' ";
}
if (isset($_GET['f_discount']) && $_GET['f_discount'] != ""){
$f_discount = $_GET['f_discount'];
$querySubString .= " AND sup_discount= '$f_discount' ";
}
$sql = "SELECT * FROM post_ads WHERE $querySubString ";
if(isset($sql)){
$result = mysql_query($sql, $con1);
while($rows=mysql_fetch_array($result))
{
//display results
}
?>
答案 2 :(得分:0)
为简单起见,请重写代码,使其首先处理输入,然后构建查询。这使得我们双方都更具可读性,您很可能会在此过程中解决您的问题。
此外,请不要使用mysql_,它不安全,已被mysqli_方法取代。