PHP dynamic MySQLi query string "AND" appendages


My site has a dynamic query (for a search feature). It builds the query dynamically from the user's input:

$query = "SELECT * FROM talents WHERE ";

if(!empty($_POST['firstName'])){
    $query = $query . "firstName = '" . $_POST['firstName'] . "' AND ";
}

if(!empty($_POST['lastName'])){
    $query = $query . "lastName = '" . $_POST['lastName'] . "' AND ";
}

if(!empty($_POST['gender'])){
    $query = $query . "gender = '" . $_POST['gender'] . "' AND ";
}


if(!empty($_POST['eyeColor'])){
    $query = $query . "eyeColor = '" . $_POST['eyeColor'] . "' AND ";
}

if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] != "High"){
    $query = $query . "height BETWEEN '" . $_POST['heightLow'] . "' AND '" . $_POST['heightHigh'] . "' AND ";
}else if($_POST['heightLow'] != "Low" && $_POST['heightHigh'] == "High"){
    $query = $query . "height = '" . $_POST['heightLow'] . "' AND ";
}

if(!empty($_POST['hairColor'])){
    $query = $query . "hairColor = '" . $_POST['hairColor'] . "' AND ";
}

if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] != "High"){
    $query = $query . "weight BETWEEN '" . $_POST['weightLow'] . "' AND '" . $_POST['weightHigh'] . "' AND ";
}else if($_POST['weightLow'] != "Low" && $_POST['weightHigh'] == "High"){
    $query = $query . "weight = '" . $_POST['weightLow'] . "' AND ";
}

if(!empty($_POST['dressSize'])){
    $query = $query . "dressSize = '" . $_POST['dressSize'] . "' AND ";
}

if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] != "High"){
    $query = $query . "chest BETWEEN '" . $_POST['chestLow'] . "' AND '" . $_POST['chestHigh'] . "' AND ";
}else if($_POST['chestLow'] != "Low" && $_POST['chestHigh'] == "High"){
    $query = $query . "chest = '" . $_POST['chestLow'] . "' AND ";
}

if(!empty($_POST['shoeSize'])){
    $query = $query . "shoeSize = '" . $_POST['shoeSize'] . "' AND ";
}

if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] != "High"){
    $query = $query . "waist BETWEEN '" . $_POST['waistLow'] . "' AND '" . $_POST['waistHigh'] . "' AND ";
}else if($_POST['waistLow'] != "Low" && $_POST['waistHigh'] == "High"){
    $query = $query . "waist = '" . $_POST['waistLow'] . "' AND ";
}

if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] != "High"){
    $query = $query . "hips BETWEEN '" . $_POST['hipsLow'] . "' AND '" . $_POST['hipsHigh'] . "' ";
}else if($_POST['hipsLow'] != "Low" && $_POST['hipsHigh'] == "High"){
    $query = $query . "hips = '" . $_POST['hipsLow'] . "' ";
}
First, ignore the verbose nature; this is an alpha to get it working, and the pretty code comes later. Second, the High and Low variables refer to range searches (e.g. a height between 5'3 and 5'9).

Here is my issue: the way I have it, if hips is entered it works rather than erroring out. But it is impossible to predict where the user will stop.

This is a very common feature, and I'm surprised it isn't easy to find on the internet. Any quick ideas?

Save your conditions into an array instead of into a string, like this:

$query = array();
$query[] = "weight = '" . $_POST['weightLow'] . "'";

then implode it with

$final_query = implode(' AND ', $query);


I have an idea: sanitize your input. Don't pass $_POST['xxx'] directly into the query.

At the very least, wrap it in mysql_real_escape_string(). You would be better off using PHP's PDO, though.

Once you escape, it will start working. You might also consider $query = rtrim($query, "AND") and then keep putting "AND" at the end of the query. Example (untested):


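As an added example (not code from the question or either answer), here is the implode() approach combined with a MySQLi prepared statement, so the user's values are bound as parameters rather than concatenated into the SQL; it assumes an open mysqli connection in $db and the question's talents table:

```php
<?php
// Added example, not code from the question or its answers. The column names
// are fixed in code and every user value becomes a bound parameter, so nothing
// from $_POST is ever concatenated into the SQL string. Assumes an open mysqli
// connection in $db and the question's `talents` table.

function buildTalentSearch(array $post): array
{
    $conditions = [];   // "col = ?" / "col BETWEEN ? AND ?" fragments
    $params     = [];   // values in the same order as the placeholders

    // Plain equality filters; the form sends an empty string when unused.
    foreach (['firstName', 'lastName', 'gender', 'eyeColor',
              'hairColor', 'dressSize', 'shoeSize'] as $col) {
        if (!empty($post[$col])) {
            $conditions[] = "$col = ?";
            $params[]     = $post[$col];
        }
    }

    // Range filters; "Low"/"High" are the form's "nothing selected" values.
    foreach (['height', 'weight', 'chest', 'waist', 'hips'] as $col) {
        $low  = $post[$col . 'Low']  ?? 'Low';
        $high = $post[$col . 'High'] ?? 'High';
        if ($low !== 'Low' && $high !== 'High') {
            $conditions[] = "$col BETWEEN ? AND ?";
            array_push($params, $low, $high);
        } elseif ($low !== 'Low') {
            $conditions[] = "$col = ?";
            $params[]     = $low;
        }
    }

    $sql = 'SELECT * FROM talents';
    if ($conditions !== []) {
        // implode() puts AND only between fragments: no trailing AND to rtrim().
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }
    return [$sql, $params];
}

[$sql, $params] = buildTalentSearch($_POST);
$stmt = $db->prepare($sql);
if ($params !== []) {
    // One 's' per value; MySQL casts bound strings for numeric columns.
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
}
$stmt->execute();
$rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
```

With no filters selected the statement is simply SELECT * FROM talents, and with any subset selected the placeholders and $params stay aligned, which is the trailing-AND problem the question describes solved without any string trimming.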
Helpful to read everything; rtrim(...) did the trick! Quick and simple, I like it. I did have a disclaimer at the start.

Your idea is good, but rtrim(...) was exactly what I was looking for.

@Christopher What you are looking for is substr() or this implode()-based answer, because rtrim doesn't work the way you think it does.