Php 将多个查询字符串参数转换为mysql查询
我最初的工作是: url:Php 将多个查询字符串参数转换为mysql查询,php,mysql,query-string,Php,Mysql,Query String,我最初的工作是: url:http://server/blah.php?FacilityCode=FT $facilitycode = mysql_real_escape_string($_GET["FacilityCode"]); $sql = "SELECT ..." . "FROM ..." . "WHERE ..." . "AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '
http://server/blah.php?FacilityCode=FT
$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
"AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";
$result = mysql_query($sql);
但我想改变这一点,以便人们可以在查询中以某种方式提交多个值,即:http://server/blah.php?FacilityCode=FT,CC,DD,EE
我尝试将查询更改为“IN”子句而不是“equals”,但我不确定如何获得每个元素周围的“marks”。使用内爆()
函数for IN(…)
。。。将输出:
field IN ('AB', 'CD', 'EF', 'ZE')
+转义您得到的每个选项。如果您试图创建一个如下所示的字符串:“AB”、“CD”、“EF”、“ZE”
$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$array=explode(',',$facilitycode);
foreach ($array as $a){$output.="'$a',";}
$clause=substr($output,0,-1);
在将其放置在查询中之前,请尝试以下操作:
$facilitycode = preg_replace('/([^,]+)/', '\'$1\'', $facilitycode);
我是根据您的查询编写的,但是我仍然没有得到查询的这一部分“AND”(“$facilitycode.”“=”),无论如何,您需要检查$\u get data是否有“,”以及是否将该变量分解为“,”,以便您可以为$\u get data中以“,”分隔的所有内容添加OR子句 之后,只需对分解数组中的每个元素执行foreach,形成查询,如下所示:
<?php
$facilitycode = $_GET["FacilityCode"];
$facility_number_chk = strpos($facilitycode, ",");
if ($facility_number_chk > -1) {
$facilitycode = explode(",", $facilitycode);
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
"AND ('" . $facilitycode . "' = ''";
foreach($facilitycode as $facode) {
$facode = mysql_real_escape_string($facode);
$sql .= " OR Facility.FacilityCode = '". $facode . "'";
}
$sql .= "')";
}
else {
$facilitycode = mysql_real_escape_string($facilitycode);
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
"AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";
}
$result = mysql_query($sql);
我最终使用了几个答案的组合。基本上,我在“,”上分解,然后用foreach添加“marks and call escape_”字符串,然后将其内爆
$facilitycodes = $_GET["FacilityCode"];
if ($facilitycodes == '') {
$additionalfilter = '';
}
else {
$facilitycodearray = explode(",", $facilitycodes);
foreach($facilitycodearray as &$facilitycode) {
$facilitycode = "'" . mysql_real_escape_string($facilitycode) . "'";
}
$facilitycodesformatted = implode(",", $facilitycodearray);
$additionalfilter = " AND Facility.FacilityCode IN (" . $facilitycodesformatted . ")";
}
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
$additionalfilter;
$facilitycode=“””。内爆(“,”,分解(“,”,mysql_real_escape_string($\u GET['facilitycode']))。“”
另外,你应该摆脱旧的传统的mysql_Ucode>函数。改用PDO
。更具体地说,我写了几分钟的代码,没有测试它。它只是作为解决这个问题的一个可能方向的指导。我刚才看到了和(“$facilitycode.”='';
,其中,$facilitycode
是数组,因此输出为和('array'=''”;
。
$facilitycodes = $_GET["FacilityCode"];
if ($facilitycodes == '') {
$additionalfilter = '';
}
else {
$facilitycodearray = explode(",", $facilitycodes);
foreach($facilitycodearray as &$facilitycode) {
$facilitycode = "'" . mysql_real_escape_string($facilitycode) . "'";
}
$facilitycodesformatted = implode(",", $facilitycodearray);
$additionalfilter = " AND Facility.FacilityCode IN (" . $facilitycodesformatted . ")";
}
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
$additionalfilter;