我正在编写一个PHP脚本,它接受一个包含bookTypeID参数的JSON请求。
此bookTypeID参数可以包含整数值(例如1,2,3,4)或字符串值" all"。
我使用此参数作为SQL查询的WHERE子句的输入。
我希望我的查询说SELECT name FROM books WHERE $bookTypeID,如果$bookTypeID是一个整数,它会正常工作,但我不知道在案例中传递给WHERE子句的正确值其中JSON参数的值为" all"。我想要的东西本质上是说"忽略WHERE子句"。
我希望这是有道理的。我在下面发布了我的代码的简化版本:
<?php
include 'db_conf.php';
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_errno) {
printf("Connect failed: %s\n", $conn->connect_error);
exit();
}
$content = file_get_contents('php://input');
$json = json_decode($content, true);
$bookTypeIDString = $json["bookTypeID"];
$bookTypeID;
switch($bookTypeIDString){
case "all":
$bookTypeID = "all"; // IS THERE A VALUE HERE THAT I CAN PASS TO AN SQL QUERY TO RETURN EVERYTHING? i.e. IGNORE THE WHERE CLAUSE COMPLETELY?
break;
default:
$bookTypeID = $bookTypeIDString;
}
$query = "SELECT name FROM books WHERE booktype = $bookTypeID";
$result = $conn->query($query);
$data = array();
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
$data[] = $row;
}
echo json_encode($data);
$conn->close();
?>
更新:这是一个简化的例子,用于询问我的问题。在实践中,我有大约50个通过JSON传递的参数,所以我想避免使用条件PHP构建SQL语句。我希望我能传递一个SQL值,它将返回所有内容。
答案 0 :(得分:4)
您可以根据$ bookTypeID的输入/类型来更改SQL查询。所以如果需要,只需附加where claus。
这样,您就不必更改数据库字段,并使此工作流程保持一致。
if($bookTypeID == 'all') {
$query = "SELECT name FROM books";
} else {
$query = "SELECT name FROM books WHERE booktype = $bookTypeID";
}
答案 1 :(得分:1)
完全删除WHERE是最好的。
只是为了好玩,你可以做到
case "all":
$bookTypeID = "booktype";
break;
以便SQL最终为
WHERE booktype = booktype
与
相同WHERE booktype IS NOT NULL
这可能适合你。
基本上,你在这里注入SQL(表明这个JSON数据不能来自不受信任的输入)。
答案 2 :(得分:1)
使用以下方式更新您的开关案例和查询字符串
$where = '';
switch($bookTypeIDString){
case "all":
$bookTypeID = "all"; // IS THERE A VALUE HERE THAT I CAN PASS TO AN SQL QUERY TO RETURN EVERYTHING? i.e. IGNORE THE WHERE CLAUSE COMPLETELY?
break;
default:
$bookTypeID = $bookTypeIDString;
$where = "WHERE booktype = $bookTypeID";
}
$query = "SELECT name FROM books ".$where;
或者您可以使用
$where = '';
if($bookTypeID != 'all') {
$where = "WHERE booktype = $bookTypeID";
}
$query = "SELECT name FROM books ".$where;
希望你理解它为bookTypeID的where子句,否则所有只有make和$ where子句并且如果条件在$ where
中的所有其他where子句中追加为空答案 3 :(得分:0)
使用类似的东西。 在这里,我们替换整个where子句 - &gt;如果“全部”则没有where子句 如果“bookTypeId”,那么我们使用where子句
switch($bookTypeIDString){
case "all":
$bookTypeID = "";
break;
default:
$WhereStting = "WHERE booktype = $bookTypeIDString";
}
$query = "SELECT name FROM books $WhereStting";
答案 4 :(得分:0)
Where子句用于过滤数据,在您的情况下,您使用bookTypeID进行过滤,因为您不需要添加where子句。为此,您可以通过子查询分隔查询并使用php连接它。 请查看所有
的更正 <?php
include 'db_conf.php';
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_errno) {
printf("Connect failed: %s\n", $conn->connect_error);
exit();
}
$content = file_get_contents('php://input');
$json = json_decode($content, true);
$bookTypeIDString = $json["bookTypeID"];
$bookTypeID;
switch($bookTypeIDString){
case "all":
$bookTypeID = "all"; // IS THERE A VALUE HERE THAT I CAN PASS TO AN SQL QUERY TO RETURN EVERYTHING? i.e. IGNORE THE WHERE CLAUSE COMPLETELY?
$where_clause = " ";
break;
default:
$bookTypeID = $bookTypeIDString;
$where_clause = " WHERE booktype = $bookTypeID";
}
$query = "SELECT name FROM books".$where_clause;
$result = $conn->query($query);
$data = array();
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
$data[] = $row;
}
echo json_encode($data);
$conn->close();
?>
答案 5 :(得分:0)
实际上,您可能不需要在PHP代码中使用额外的逻辑来执行此操作。你可以说
UploadFiles(files: File[]): Promise.IThenable<any> {
return this.Post("/Payment/files" , {
data: {
files: files
},
headers: {
"Content-Type": "multipart/form-data; boundary=gc0p4Jq0M2Yt08jU534c0p",
"Content-Disposition": "form-data; name=Foo",
}
});
}
答案 6 :(得分:0)
如果您想要所有记录,则无需使用 WHERE 子句。
但如果您需要具有指定SET bookTypeId的记录,则可以使用 IN 。
喜欢
$ query =&#34; SELECT name FROM books WHERE booktype IN(&#39; 1&#39;,&#39; 2&#39;,&#39; 3&#39;,&#39; 4& #39;,&#39; 5&#39;)&#34 ;;