PHP MYSQL多个where子句但是一些where子句是NULL

时间:2018-02-20 03:37:20

标签: php mysql html5 mysqli

我有一个有8列的表(医院,房间,设备名称,供应商,品牌,数量,年份购买,nxtyrPlan)

在搜索页面中,我需要根据某些列的值对结果进行排序。

所以我打算做的是:

$keyword1 = $_POST["keyword1"];
$keyword2 = $_POST["keyword2"];
$keyword3 = $_POST["keyword3"];
$keyword4 = $_POST["keyword4"];
$keyword5 = $_POST["keyword5"];
$keyword6 = $_POST["keyword6"];
$keyword7 = $_POST["keyword7"];
$keyword8 = $_POST["keyword8"];

$sql =" SELECT * FROM equipmentTable WHERE hospital = $keyword1 AND 
WHERE room = $keyword2 AND WHERE equipmentNAME = $keyword3 AND WHERE 
supplier = $keyword4 AND WHERE brand = $keyword5 AND WHERE quantity = 
$keyword6 AND WHERE yearpurchased = $keyword7 AND WHERE nxtyrPlan = 
$keyword8";

我的问题是......有没有一种方法可以将$ keyword设为null?所以它可以忽略列中的值? 例如,用户只想过滤设备名称和供应商...因此,设备名称和供应商的关键字是根据用户期望的值设置的,但其他关键字设置为空或其关键字的值为空,因为用户只想在搜索时关注设备名称和供应商。那可能吗?如果没有,我可以使用的其他方式是什么?

3 个答案:

答案 0 :(得分:-1)

尝试类似下面的内容(这里sql注入会有问题所以必须要处理):

$sql = "SELECT * FROM equipmentTable WHERE 1=1 ";
$sql += $_POST["keyword1"] ? " AND hospital = '" + $_POST["keyword1"] "'" : "";
$sql += $_POST["keyword2"] ? " AND room = '" + $_POST["keyword2"] "'" : "";
$sql += $_POST["keyword3"] ? " AND equipmentNAME = '" + $_POST["keyword3"] "'" : "";
$sql += $_POST["keyword4"] ? " AND supplier = '" + $_POST["keyword4"] "'" : "";
$sql += $_POST["keyword5"] ? " AND brand = '" + $_POST["keyword5"] "'" : "";
$sql += $_POST["keyword6"] ? " AND quantity = '" + $_POST["keyword6"] "'" : "";
$sql += $_POST["keyword7"] ? " AND yearpurchased = '" + $_POST["keyword7"] "'" : "";
$sql += $_POST["keyword8"] ? " AND WHERE nxtyrPlan = + '" $_POST["keyword8"]"'" : "";

答案 1 :(得分:-1)

另一种方式

def get_url(s):
    #s = s.replace(" ", "")
    b = s.find('<a href=')
    if b != -1:
        return s[b + 9 : b + 9 + s[b + 9::].find('"')]
    else:
        return b

#prints all URls in HTML input
def print_all_links(s):
    i = s.count('<a href=')
    n = i
    x = ''
    while n > 0:
        x += get_url(s)
        print(x)
        s = s.replace(x, '')
        n = n-1

如果直接在SQL中使用关键字变量,您将遇到SQL注入安全问题!

答案 2 :(得分:-2)

尝试

$post = array("keyword1"=>"hospital","keyword2"=>"room",
    "keyword3"=>"equipmentNAME","keyword4"=>"supplier",
    "keyword5"=>"brand","keyword6"=>"quantity",
    "keyword7"=>"yearpurchased","keyword8"=>"nxtyrPlan");
 $where_clause = "";
 $sql = "SELECT * FROM equipmentTable ";
 foreach($post as $post => $fields)
 {
    if(isset($_POST[$post])):
        $where_clause .= " WHERE " . $fields . "=" . $_POST[$post] . " AND ";
    endif;
 }
 $where_clause  = substr($str, 0,strlen($where_clause)-4);

 $sql .= $where_clause;
相关问题
最新问题