PHP MySQL如何在许多类别中进行搜索

Question

我想搜索很多类别。

// print_r($category) = Array ( [0] => 23 [1] => 24 [2] => 25 [3] => 26 [4] => 27 [5] => 28 [6] => 29 )
// 


         $tab = implode(' OR ', $category);

         $sql = "SELECT * FROM files WHERE name LIKE '%$what%' AND category = $tab ORDER BY name DESC LIMIT $from , $how_much";

我有错误的结果。如果删除AND category = $tab，我将得到正确的结果。

Answer 1

$sql = "SELECT * FROM files WHERE name LIKE '%$what%' AND category IN ($tab) ORDER BY name DESC LIMIT $from , $how_much";

您必须使用“ IN”。

我必须添加，如果您不使用参数化查询或PDO，那么您容易受到SQL注入漏洞的侵害！

https://www.php.net/manual/en/pdo.prepared-statements.php

How can I prevent SQL injection in PHP?