Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/241.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
php中的动态sql搜索_Php_Mysql - Fatal编程技术网
Fatal编程技术网
  • php/
  • php中的动态sql搜索

php中的动态sql搜索

php mysql

php中的动态sql搜索,php,mysql,Php,Mysql,正在尝试创建动态搜索功能 目标:允许用户通过电子邮件搜索,如果不为空,如果为空,则按姓氏搜索,如果两者均为空,则按两者搜索,等等 我知道我可以编写描述每个场景的if语句,而不是在此基础上插入SQL命令,问题是能否以更简单的方式处理这个问题。谢谢你的帮助 当前函数设置没有或跨越所有字段,值来自$\u POST: find_transaction($email,$last_name,$first_name, $transaction_id) { GLOBAL $connection;

正在尝试创建动态搜索功能

目标:允许用户通过电子邮件搜索,如果不为空,如果为空,则按姓氏搜索,如果两者均为空,则按两者搜索,等等

我知道我可以编写描述每个场景的if语句,而不是在此基础上插入SQL命令,问题是能否以更简单的方式处理这个问题。谢谢你的帮助

当前函数设置没有或跨越所有字段,值来自$\u POST:

find_transaction($email,$last_name,$first_name, $transaction_id) 
{
    GLOBAL $connection;

    $query  = "SELECT * ";
    $query .= "FROM transactions WHERE ";
    $query .= "email='{$email}' ";
    $query .= "OR last_name='{$last_name}' ";
    $query .= "OR first_name='{$first_name}' ";
    $query .= "OR transaction_id='{$transaction_id}' ";
    $query .= "ORDER BY date DESC";
    $email = mysqli_query($connection,$query);

    confirm_query($email);
    return $email;

}
更好地使用数据交互表:

它很有用而且没有SQL注入:祝你好运

我一直都这么做,工作不算太多。基本上,使用一系列if语句,基于POST变量动态构建WHERE语句

例如:

$where_statement = "";

// First variable so is simpler check.
if($email != ""){
    $where_statement = "WHERE email = '{$email}'";
}


// Remaining variables also check if '$where_statement' has anything in it yet.
if($last_name != ""){
    if($where_statement == ""){
        $where_statement = "WHERE last_name = '{$last_name}'";
    }else{
        $where_statement .= " OR last_name = '{$last_name}'";
    }
}

// Repeat previous 'last_name' check for each remain variable.
SQL语句将更改为:

$query = "SELECT * FROM transactions
              $where_statement
              ORDER BY date DESC";
现在,SQL将只包含过滤器,具体取决于存在的值,因此,如果有人输入电子邮件,它将生成:

$query = "SELECT * FROM transactions
              WHERE email = 'smith@email.com'
              ORDER BY date DESC";

$query = "SELECT * FROM transactions
              WHERE last_name = 'Smith'
              ORDER BY date DESC";

$query = "SELECT * FROM transactions
              WHERE email = 'email@email.com' OR last_name = 'Smith'
              ORDER BY date DESC";
如果他们只输入姓氏,则会生成:

$query = "SELECT * FROM transactions
              WHERE email = 'smith@email.com'
              ORDER BY date DESC";

$query = "SELECT * FROM transactions
              WHERE last_name = 'Smith'
              ORDER BY date DESC";

$query = "SELECT * FROM transactions
              WHERE email = 'email@email.com' OR last_name = 'Smith'
              ORDER BY date DESC";
如果两者都放在一起,将产生:

$query = "SELECT * FROM transactions
              WHERE email = 'smith@email.com'
              ORDER BY date DESC";

$query = "SELECT * FROM transactions
              WHERE last_name = 'Smith'
              ORDER BY date DESC";

$query = "SELECT * FROM transactions
              WHERE email = 'email@email.com' OR last_name = 'Smith'
              ORDER BY date DESC";
等等等等

您可以在此处添加任意多的变量,基本上,如果特定变量不是空的,它会将其添加到$where_语句中,并且根据$where_语句中是否有任何内容,它会决定以=where开始,或追加。=或注意“=”和“或”之前的空格。

我看不出这是如何解决这个问题的?您刚刚提供了一个指向javascript库的链接。请您至少提供一些信息,说明为什么或如何回答这个问题!谢谢谢谢你,这正是我想要的。很高兴它帮了我的忙。在将筛选器应用于报表时,我经常使用此技术。。那些意味着这应该是公认的答案?