Php 将多个查询字符串参数转换为mysql查询_Php_Mysql_Query String

Php 将多个查询字符串参数转换为mysql查询

php mysql

Php 将多个查询字符串参数转换为mysql查询,php,mysql,query-string,Php,Mysql,Query String,我最初的工作是： url:http://server/blah.php?FacilityCode=FT $facilitycode = mysql_real_escape_string($_GET["FacilityCode"]); $sql = "SELECT ..." . "FROM ..." . "WHERE ..." . "AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '

我最初的工作是：

url:

http://server/blah.php?FacilityCode=FT

$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$sql = "SELECT ..." .
       "FROM ..." .
       "WHERE ..." .
       "AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";
$result = mysql_query($sql);

但我想改变这一点，以便人们可以在查询中以某种方式提交多个值，即：

http://server/blah.php?FacilityCode=FT，CC，DD，EE

我尝试将查询更改为“IN”子句而不是“equals”，但我不确定如何获得每个元素周围的“marks”。

使用

内爆（）

函数for IN（…）

。。。将输出：

field IN ('AB', 'CD', 'EF', 'ZE')

+转义您得到的每个选项。

如果您试图创建一个如下所示的字符串：“AB”、“CD”、“EF”、“ZE”

$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$array=explode(',',$facilitycode);
foreach ($array as $a){$output.="'$a',";}
$clause=substr($output,0,-1);

在将其放置在查询中之前，请尝试以下操作：

$facilitycode = preg_replace('/([^,]+)/', '\'$1\'', $facilitycode);

我是根据您的查询编写的，但是我仍然没有得到查询的这一部分“AND”（“$facilitycode.”“=”），无论如何，您需要检查$\u get data是否有“，”以及是否将该变量分解为“，”，以便您可以为$\u get data中以“，”分隔的所有内容添加OR子句

之后，只需对分解数组中的每个元素执行foreach，形成查询，如下所示：

<?php

$facilitycode = $_GET["FacilityCode"];

$facility_number_chk = strpos($facilitycode, ",");

if ($facility_number_chk > -1) {

    $facilitycode = explode(",", $facilitycode);

    $sql = "SELECT ..." .
    "FROM ..." .
    "WHERE ..." .
    "AND ('" . $facilitycode . "' = ''";

    foreach($facilitycode as $facode) {

        $facode = mysql_real_escape_string($facode);

        $sql .= " OR Facility.FacilityCode = '". $facode . "'";

    }

    $sql .= "')";

}
else {

    $facilitycode = mysql_real_escape_string($facilitycode);

    $sql = "SELECT ..." .
    "FROM ..." .
    "WHERE ..." .
    "AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";

}

$result = mysql_query($sql);

我最终使用了几个答案的组合。基本上，我在“，”上分解，然后用foreach添加“marks and call escape_”字符串，然后将其内爆
$facilitycodes = $_GET["FacilityCode"];
if ($facilitycodes == '') {
  $additionalfilter = '';
}
else {
  $facilitycodearray = explode(",", $facilitycodes);
  foreach($facilitycodearray as &$facilitycode) {
    $facilitycode = "'" . mysql_real_escape_string($facilitycode) . "'";
  }
  $facilitycodesformatted = implode(",", $facilitycodearray);
  $additionalfilter = " AND Facility.FacilityCode IN (" . $facilitycodesformatted . ")";
}

$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
$additionalfilter;

$facilitycode=“””。内爆（“，”，分解（“，”，mysql_real_escape_string（$\u GET['facilitycode']））。“”
另外，你应该摆脱旧的传统的mysql_Ucode>函数。改用PDO
。更具体地说，我写了几分钟的代码，没有测试它。它只是作为解决这个问题的一个可能方向的指导。我刚才看到了和（“$facilitycode.”=''；
，其中，$facilitycode
是数组，因此输出为和（'array'=''”；。
$facilitycodes = $_GET["FacilityCode"];
if ($facilitycodes == '') {
  $additionalfilter = '';
}
else {
  $facilitycodearray = explode(",", $facilitycodes);
  foreach($facilitycodearray as &$facilitycode) {
    $facilitycode = "'" . mysql_real_escape_string($facilitycode) . "'";
  }
  $facilitycodesformatted = implode(",", $facilitycodearray);
  $additionalfilter = " AND Facility.FacilityCode IN (" . $facilitycodesformatted . ")";
}

$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
$additionalfilter;