0

示例:用户填写除产品名称以外的所有内容。

我需要搜索提供的内容,所以在这种情况下,除了productName=

此示例可以用于任何输入组合。

有没有办法做到这一点?

谢谢。

    $name = $_POST['n'];
    $cat = $_POST['c'];
    $price = $_POST['p'];

if( !($name) )
{
    $name = some character to select all?
}


$sql = "SELECT * FROM products WHERE productCategory='$cat' and   
productName='$name' and productPrice='$price' ";

EDIT
解决方案不必保护免受攻击。具体来看它的动态部分。

4

1 回答 1

2

就像是

$where_array = array();

if( isset($_POST['n']) )$where_array[] = "productName = '{$_POST['n']}'";
if( isset($_POST['c']) )$where_array[] = "productCategory '{$_POST['c']}'";
if( isset($_POST['p']) )$where_array[] = "productPrice = '{$_POST['p']}'";

    $where_stmt = implode( ' and ', $where_array  );
    if( $where_stmt )  
    {
    $sql = "SELECT * FROM products WHERE $where_stmt ";
//run query
    }
于 2012-06-25T03:06:32.190 回答