简化SQL查询的PHP脚本

时间:2011-09-27 23:34:23

标签: php mysql arrays str-replace simplify

我是一名自学成才的初学程序员。最近我一直在研究PHP脚本,用用户输入的关键字查询数据库。我想出来的东西似乎要比它需要的复杂得多,所以我想知道是否有一种方法可以简化我所写的内容。如果您有任何其他问题或需要更多代码,请与我们联系。谢谢!

    $types = array();
    if(!empty($_GET['location_id']) && isset($_GET['location_id'])) $types[] = "groups.location_id = " . str_replace(' ', '%', $_GET['location_id']) . " ";
    if(!empty($_GET['season_id']) && isset($_GET['season_id'])) $types[] = "seasons.season_id = " . str_replace(' ', '%', $_GET['season_id']) . " ";
    if(!empty($_GET['event']) && isset($_GET['event'])) $types[] = "(`event` LIKE '%" . str_replace(' ', '%', $_GET['event']) . "%' OR `note` LIKE '%" . str_replace(' ', '%', $_GET['event']) . "%') ";
    if(!empty($_GET['place']) && isset($_GET['place'])) $types[] = "`place` LIKE '%" . str_replace(' ', '%', $_GET['place']) . "%' ";
    if(!empty($_GET['city']) && isset($_GET['city'])) $types[] = "`city` LIKE '%" . str_replace(' ', '%', $_GET['city']) . "%' ";
    if(!empty($_GET['state_abbr']) && isset($_GET['state_abbr'])) $types[] = "`state_abbr` LIKE '%" . str_replace(' ', '%', $_GET['state_abbr']) . "%' ";
    if(!empty($_GET['weekday']) && isset($_GET['weekday'])) $types[] = "(`weekday` LIKE '%" . str_replace(' ', '%', $_GET['weekday']) . "%' OR `through_weekday` LIKE '%" . str_replace(' ', '%', $_GET['weekday']) . "%') ";
    if(!empty($_GET['month']) && isset($_GET['month'])) $types[] = "`month` LIKE '%" . str_replace(' ', '%', $_GET['month']) . "%' ";
    if(!empty($_GET['day']) && isset($_GET['day'])) $types[] = "(`day` LIKE '%" . str_replace(' ', '%', $_GET['day']) . "%' OR `through_day` LIKE '%" . str_replace(' ', '%', $_GET['day']) . "%') ";
    if(!empty($_GET['year']) && isset($_GET['year'])) $types[] = "`year` LIKE '%" . str_replace(' ', '%', $_GET['year']) . "%' ";

2 个答案:

答案 0 :(得分:2)

由于您的WHERE条件非常不同,因此无法减少代码中的行数,但每行可能会略短。您还希望通过mysql_real_escape_string()传递提交的变量,以防止SQL injection攻击。

您可以在循环中准备所有变量,这样就不必在每一行上运行mysql_real_escapestr_replace

foreach ($_GET as $key => $val) {
  $_GET[$key] = mysql_real_escape_string(str_replace(' ', '%', $val));
}

我觉得对isset()的调用有点多余,所以在你运行循环之后,每一行看起来都像这样:

if (!empty($_GET['year'])) 
  $types[] = "`year` LIKE '%" . $_GET['year'] . "%' ";

答案 1 :(得分:0)

只是一个想法..这可能会使代码更加清晰,而且SQL编写起来非常容易。

将此代码用于测试目的: 

 $_GET['event']='jut for test';
 $_GET['place']='jut for test'; 
 $_GET['city']='jut for test'; 
 $_GET['state_abbr']='jut for test'; 
 $_GET['weekday']='jut for test'; 
 $_GET['month']='jut for test'; 
 $_GET['day']='jut for test';  
 $_GET['year']='jut for test';

然后在下面,输入实际代码: 

$queryTmplArr=Array("(`@field` LIKE '%@value%' OR `note` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ","`@field` LIKE '%@value%' ","`@field` LIKE '%@value%' ",
"(`@field` LIKE '%@value%' OR `through_weekday` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ","(`@field` LIKE '%@value%' OR `through_day` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ");

$i=0;
foreach($_GET as $key =>$rawData)
{
     $cleanData= mysql_real_escape_string( str_replace(' ', '%', $rawData) ) ;   
     $queryTmplArr[$i]=str_replace('@value', $cleanData, $queryTmplArr[$i]);
     $queryTmplArr[$i]=str_replace('@field', $key, $queryTmplArr[$i]);
     $i++;
}

再次进行测试: 

echo '<pre>';
print_r($queryTmplArr );

这将输出: 

Array
(
    [0] => (`event` LIKE '%jut%for%test%' OR `note` LIKE '%jut%for%test%') 
    [1] => `place` LIKE '%jut%for%test%' 
    [2] => `city` LIKE '%jut%for%test%' 
    [3] => `state_abbr` LIKE '%jut%for%test%' 
    [4] => (`weekday` LIKE '%jut%for%test%' OR `through_weekday` LIKE '%jut%for%test%') 
    [5] => `month` LIKE '%jut%for%test%' 
    [6] => (`day` LIKE '%jut%for%test%' OR `through_day` LIKE '%jut%for%test%') 
    [7] => `year` LIKE '%jut%for%test%' 
)

这可以吗?

相关问题
最新问题