0

我有一个可以搜索数据库的网页。用户可以搜索 5 个不同的字段,页面通过帖子发送输入。命中搜索时,某些字段可以为空。是否有一个不错的选择语句我可以使用而不是一大堆 if 语句。

$Country = $_POST['Country'];
$Gender = $_POST['Gender'];
$lastName = $_POST['lastName'];
$firstName = $_POST['firstName'];
$sport = $_POST['sport'];   

//selects sport and country
    if  (($lastName == null) && ($firstName == null) && ($Gender == null))
    {
    $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON          (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (name = '$Country') AND (sport ='$sport') ";
    }


  //selects country and gender and sport
  if (($lastName == null) && ($firstName == null))
    {

        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (name = '$Country') AND (gender ='$Gender') AND (sport = '$sport')";
    }


    //selects country and last and first name
    else if ($Gender == null)
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (name = '$Country') AND (firstName LIKE '%$firstName%') AND (lastName LIKE '%$lastName%') AND (sport = '$sport') ";
    }

    //selects sport, gender, last name and country 
    else if  ($firstName == null)
    {
    $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (name = '$Country') AND (sport ='$sport') AND (gender ='$Gender') AND (lastName LIKE '%$lastName%') ";
    }

    //selects sport, gender, first name and country 
    else if  ($lastName == null)
    {
    $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (name = '$Country') AND (sport ='$sport') AND (gender ='$Gender') AND (firstName LIKE '%$firstName%') ";
    }

    //selects just country
 if (($Gender == null) && ($lastName == null) && ($firstName == null) && ($sport == null))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE  (name ='$Country') ";
    }


         //selects just sport
     else if (($lastName == null) && ($firstName == null) && ($Gender == null) && ($Country == 'country'))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (sport = '$sport') ORDER BY sport ";
    }

         //selects just last name
     else if (($sport == null) && ($firstName == null) && ($Gender == null) && ($Country == 'country'))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (lastName = '$lastName') ORDER BY sport ";
    }

    //selects gender and last name
    else if (($Country == 'country') && ($firstName == null))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (lastName LIKE '%$lastName%') AND (gender LIKE '%$Gender%') AND (sport = '$sport') ";

    }


    //selects gender and first name
    else if (($Country == 'country') && ($lastName == null))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (firstName LIKE '%$firstName%') AND (gender = '$Gender') AND (sport = '$sport')  ";

    }


    //selects country, sport and first name
    else if (($Gender == null) && ($lastName == null))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (firstName LIKE '%$firstName%') AND (sport = '$sport') AND (name = '$Country') ";

    }


    //selects last name, sport and first name
    else if (($Gender == null) && ($Country == 'country'))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (firstName LIKE '%$firstName%') AND (sport = '$sport') AND (lastName LIKE '%$lastName%') ";

    }
    // selects sport and gender
    else if (($Country == null) && ($lastName == null) && ($firstName == null)) 
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (gender = '%Gender%') AND (sport = '$sport') ";
    }

    // selects gender
    else if (($Country == null) && ($lastName == null) && ($firstName == null) && ($sport == null ) ) 
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (gender = '%Gender%')  ";
    }

    // selects country and last name 
    else if (($Gender == null) && ($firstName == null ) && ($sport == null))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE  (name = '$Country') AND (lastName LIKE '%$lastName%') ";
    }


    // selects country and first name 
else  if (($Gender == null) && ($lastName == null ) && ($sport == null))
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE  (name = '$Country') AND (firstName LIKE '%$firstName%') ";
    }


        // selects all
    else if (($Gender == null) && ($firstName == null ) && ($sport == null) && ($lastName == null) && ($Country == 'country') )
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode )";
    }
    // selects if all feilds full
    else 
    {
        $selectString = "SELECT * FROM tblCountry JOIN tblAthletes ON (tblAthletes.countryCode = tblCountry.countryCode ) WHERE (name = '$Country') AND (gender ='$Gender') AND (lastName LIKE '%$lastName%') AND (firstName LIKE '%$firstName%') ORDER BY lastName ";
    }

    $result = mysql_query($selectString);


    while($row = mysql_fetch_assoc($result))
    {
    echo"<tr>";
        foreach($row as $index=>$value)
        {
            if(($index == 'flagImage')||($index == 'atheleteImage'))
            {
                //Gets images
                echo"<td><img title='competitor' alt='' src='images/$value' width='80' height='80'/></td>";
            }
         else
            {
                echo("<td>$value</td>");
            }
        }
    echo"</tr>";
    }
    echo"</table>";
    echo"</div>";

}
4

2 回答 2

1

尝试类似的东西

SELECT
    *
FROM
    your_table_here
WHERE
        (('' = :country) OR country = :country)
    AND (('' = :gender) OR gender = :gender)
    AND (('' = :lastName) OR lastName = :lastName)
    AND (('' = :firstName) OR firstName = :firstName)
    AND (('' = :sport) OR sport = :sport)
;

您可以调整它以检查 NULL 值而不是空字符串,使用 IS_NULL(:country) 等代替 '' = :country。

而且,当然:记住要清理您的数据库输入。

编辑: 使用 IS NULL:

SELECT
    *
FROM
    your_table_here
WHERE
        (IS NULL(:country) OR country = :country)
    AND (IS NULL(:gender) OR gender = :gender)
    AND (IS NULL(:lastName) OR lastName = :lastName)
    AND (IS NULL(:firstName) OR firstName = :firstName)
    AND (IS NULL(:sport) OR sport = :sport)

;

于 2012-09-09T23:48:48.180 回答
0

是的。

SELECT `Country`, `Gender`, `lastName`, `firstName`, `sport` FROM TABLE_NAME WHERE Country='$country'...etc

确保您使用的是mysqliPDO。遗留mysql功能存在重大安全漏洞。

于 2012-09-09T23:48:56.463 回答