2

我的代码在这里:

$array_letter = array("A","B","C","Ç","D","E","F","G","H","I","İ","J","K","L",
                      "M","N","O","P","R","S","Ş","T","U","Ü","V","Y","Z");

$sql = "SELECT id,city  FROM city WHERE city LIKE '" .$array_letter[$i]."%'";

在这些代码之后:

for ($i=0;$i<27;$i++) {
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result)) {

 echo "<h3>".$row['city']."</h3>";

   }    
}

$sql 没有意义,因为$array_letter[$i]在那里不起作用。但是 $sql 必须在这些代码的顶部进行设计。因为我编码switch-case statement。根据要求,$sql会改这个原因我不能写下$sqlfor循环。但我所有的查询都取决于$array_letter. 我怎样才能$array_letter工作?

4

3 回答 3

4

您应该使用mysqli驱动程序和准备好的语句:

$st = $mysqli->prepare("SELECT id,city FROM city WHERE city LIKE ?'");
for ($i=0;$i<27;$i++) {
  $st->bind_param("s", $array_letter[$i].'%');
  $st->execute();
  $result = $st->get_result();

  while ($row = $result->fetch_assoc()) {
    echo "<h3>".$row['city']."</h3>";
  }  
}

虽然对于这种情况,我建议只做一个大查询,因为看起来你得到了一切:SELECT id,city FROM city ORDER BY city......

出于教育目的,另一种方法是执行以下操作:

$sql = "SELECT * FROM foo WHERE bar='%s'";
mysql_query(sprintf($sql, "42"));

这在其他情况下可能很有用,但同样,如果您正在编写 SQL,请使用准备好的语句,因为它们可以更优雅地解决这个问题,并提供额外的保护,帮助防止 SQL 注入攻击并最大限度地减少服务器必须执行的 SQL 解析量.

于 2012-05-19T14:02:44.727 回答
1

正如马修在他的回答中提到的那样,您应该使用准备好的陈述。

否则考虑这个(使用 PHP 5.3 闭包):

$sql = function($i) use ($array_letters) {
    return "SELECT id,city  FROM city WHERE city LIKE '" .$array_letter[$i]."%'";
}

然后在你的循环中:

mysql_query($sql($i));
于 2012-05-19T14:07:58.580 回答
0

这将有助于减少数据库调用。

$array_letter = array("A","B","C","Ç","D","E","F","G","H","I","İ","J","K","L",
                  "M","N","O","P","R","S","Ş","T","U","Ü","V","Y","Z");
for($i=0;$i<count($array_letter);$i++){
if($i!=count($array_letter)-1)
$qstring.="city like '".$array_letter[$i]."%' or ";
 else
$qstring.="city like '".$array_letter[$i]."%'";
}
$sql = "SELECT id,city  FROM city WHERE ".$qstring;
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result)) {
echo "<h3>".$row['city']."</h3>";
  }
于 2012-05-19T14:24:08.243 回答