Question

以下是我在搜索表单中发布的变量：

$city = $_REQUEST['city'];
$location = $_REQUEST['location'];
$bedrooms = $_REQUEST['noofbedrooms'];
$addeddate = $_REQUEST['addeddate'];
$minprice = $_REQUEST['pricefrom'];
$maxprice = $_REQUEST['priceto'];
$minarea = $_REQUEST['areafrom'];
$maxarea = $_REQUEST['areato'];
$propertytype = $_REQUEST['proptype'];

到目前为止一切顺利。现在我需要一些针对以下场景的好建议。几乎我所在领域的每个元素都是可选的。这意味着我可以在上面的变量中得到空值。

我应该如何为上述变量创建mysql查询。在案例可以是我为每个场景使用条件。例如

if($city=="")
  $query="";
elseif($location=="")
  $query="";
and so on....

我需要一些专业的方法。

Answer 1

如果所有查询部分都以相同的方式构建：WHERE fieldname='fieldvalue'，您可以使用基于循环的惰性方法：

$conditions = array();

foreach (array("city", "location", "noofbedrooms") as $field) 
           // ^ add all fields as needed
 {
   // Check whether parameter was passed at all
   if (!array_key_exists($field, $_POST)) continue;

   // Check whether parameter is empty
   if (!empty($_POST[$field]))
    $conditions[]="`$field` = ".mysql_real_escape_string($_POST[$field]);  
                                // ^ or whatever your database library 
                                //   does for escaping  

 }

 $query = "SELECT * from table where ".implode(" AND ", $conditions);

Answer 2

你可以做这样的事情

$where = array();

if(strcmp($_REQUEST['city'], "")){
    $where[] = "SEARCH_COLUMN = '" . $_REQUEST['city'] . "'";
}
if(strcmp($_REQUEST['location'], "")){
    $where[] = "SEARCH_COLUMN = '" . $_REQUEST['location'] . "'";
}
if(strcmp($_REQUEST['noofbedrooms'], "")){
    $where[] = "SEARCH_COLUMN = '" . $_REQUEST['noofbedrooms'] . "'";
}
if(strcmp($_REQUEST['addeddate'], "")){
    $where[] = "SEARCH_COLUMN = '" . $_REQUEST['addeddate'] . "'";
}
if(strcmp($_REQUEST['pricefrom'], "")){
    $where[] = "SEARCH_COLUMN = '" . $_REQUEST['pricefrom'] . "'";
}
...... // check for all the fields

when create the SQL using 

$SQL = implode(" OR ", $where);

之后你就可以在某些SQL上使用它了

"SELECT * FROM WHERE {$SQL}";

Answer 3

$city      = mysql_real_escape_string($_REQUEST['city']);
$location  = mysql_real_escape_string($_REQUEST['location']);
$bedrooms  = mysql_real_escape_string($_REQUEST['noofbedrooms']);
$addeddate = mysql_real_escape_string($_REQUEST['addeddate']);
$minprice  = mysql_real_escape_string($_REQUEST['pricefrom']);
$maxprice  = mysql_real_escape_string($_REQUEST['priceto']);
$minarea   = mysql_real_escape_string($_REQUEST['areafrom']);
$maxarea   = mysql_real_escape_string($_REQUEST['areato']);



$query = 'SELECT * FROM hotels WHERE 1 = 1 ';

$query .= strlen($city)     ? ' AND city = "'.$city.'"'         : '';
$query .= strlen($location) ? ' AND location = "'.$location.'"' : '';
$query .= strlen($bedrooms) ? ' AND bedrooms = "'.$bedrooms.'"' : '';
// ... do it for all params ...

echo $query;

Answer 4

我在上面回答说，我认为你的字段是可选的，你不需要使用SQL和，有些somtimes =也不是那么好，你可以在大多数情况下使用LIKE，如位置，价格可以是“＆gt; =”等请注意。

Answer 5

这样的事情应该做：

$fields = array('city', 'location' /* ... */);
$conditions = array();

foreach ($fields as $field) {
    if (!empty($_REQUEST[$field])) {
        $conditions[] = 'column LIKE "%'.mysql_real_escape_string($_REQUEST[$field]).'%"';
    }
}

$query = 'SELECT row FROM table WHERE '.implode(' OR ', $conditions);

您需要对其进行调整以满足您的需求（例如OR或AND）。

php搜索帮助

5 个答案: