根据复选框筛选mysql结果
我试图根据勾选的复选框过滤mysql结果。我的查询在第一次检查时有效,但在第二次筛选时不返回任何内容。我的复选框数组是$_POST['country'],我在GetSQLValueString函数中内爆它以创建逗号分隔的值-(英国、法国)等。我使用MySQL in子句进行多选 我需要它来过滤多个国家/地区选择根据复选框筛选mysql结果,mysql,Mysql,我试图根据勾选的复选框过滤mysql结果。我的查询在第一次检查时有效,但在第二次筛选时不返回任何内容。我的复选框数组是$_POST['country'],我在GetSQLValueString函数中内爆它以创建逗号分隔的值-(英国、法国)等。我使用MySQL in子句进行多选 我需要它来过滤多个国家/地区选择 if (isset($_POST['country_submit']) && $_POST['country'] != '') { mysql_select_
if (isset($_POST['country_submit']) && $_POST['country'] != '') {
mysql_select_db($database_tub, $tub);
$query_trade = sprintf("
SELECT u.user_id,
u.contact_person,
u.company,
u.country,
u.pic_small,
u.website,
SUM(u.trader_or_bond = %s
AND t.user_id IS NOT NULL) AS count
FROM users u
LEFT JOIN trading t ON u.user_id = t.user_id
WHERE u.trader_or_bond = %s AND u.country IN(%s)
GROUP BY u.user_id
ORDER BY COUNT(t.user_id) DESC",
GetSQLValueString('trader', "text"),
GetSQLValueString('trader', "text"),
GetSQLValueString(implode(',', $_POST['country']), "text"));
$trade = mysql_query($query_trade, $tub) or die(mysql_error());
}
我已经想到了这一点,但不确定MySQL注入是否安全,加上它没有我想要的那么干净
if (isset($_POST['country_submit']) && $_POST['country'] != '') {
$SingleQuotes = "'".implode("', '", array_map('mysql_real_escape_string', $_POST['country']))."'";
mysql_select_db($database_tub, $tub);
$query_trade = sprintf("
SELECT u.user_id,
u.contact_person,
u.company,
u.country,
u.pic_small,
u.website,
SUM(u.trader_or_bond = %s
AND t.user_id IS NOT NULL) AS count
FROM users u
LEFT JOIN trading t ON u.user_id = t.user_id
WHERE u.trader_or_bond = %s AND u.country IN($SingleQuotes)
GROUP BY u.user_id
ORDER BY COUNT(t.user_id) DESC",
GetSQLValueString('trader', "text"),
GetSQLValueString('trader', "text"));
$trade = mysql_query($query_trade, $tub) or die(mysql_error());
}
$\u POST['country']是一个字符串数组(不是数字)吗?如果是这样,
u.country IN(%s)u.country IN(英国、法国)u.country IN(“英国”、“法国”)