0

我最初有这个工作:

网址:http://server/blah.php?FacilityCode=FT

$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$sql = "SELECT ..." .
       "FROM ..." .
       "WHERE ..." .
       "AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";
$result = mysql_query($sql);

但我想改变这一点,以便人们可以在查询中以某种方式提交多个值,即:http://server/blah.php?FacilityCode=FT,CC,DD,EE

我尝试将查询更改为“IN”子句而不是“等于”,但我不确定如何在每个元素周围获取 ' 标记。

4

5 回答 5

2

使用implode()IN (...) 的函数。

$a = array('AB', 'CD', 'EF', 'ZE');
echo "field IN ('" . implode("', '", $a) . "')";

...将输出:

field IN ('AB', 'CD', 'EF', 'ZE')

+逃避你得到的每一个选择。

于 2012-09-26T22:22:58.323 回答
0 
$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$array=explode(',',$facilitycode);
foreach ($array as $a){$output.="'$a',";}
$clause=substr($output,0,-1);
于 2012-09-26T22:23:16.530 回答
0

如果您尝试创建一个如下所示的字符串:'AB'、'CD'、'EF'、'ZE'

在将其放入查询之前尝试此操作:

$facilitycode = preg_replace('/([^,]+)/', '\'$1\'', $facilitycode);
于 2012-09-26T22:30:48.297 回答
0

我根据你的查询写了这个,但我仍然没有得到这部分查询“AND('”。$facilitycode。“'=''”,无论如何你需要检查$_GET数据是否有“,”如果确实爆炸该变量由“,”,以便您可以为 $_GET 数据中由“,”分隔的所有内容添加 OR 分句。

之后,只需对爆炸数组中的每个元素执行 foreach 即可形成您的查询,如下所示:

<?php

$facilitycode = $_GET["FacilityCode"];

$facility_number_chk = strpos($facilitycode, ",");

if ($facility_number_chk > -1) {

    $facilitycode = explode(",", $facilitycode);

    $sql = "SELECT ..." .
    "FROM ..." .
    "WHERE ..." .
    "AND ('" . $facilitycode . "' = ''";

    foreach($facilitycode as $facode) {

        $facode = mysql_real_escape_string($facode);

        $sql .= " OR Facility.FacilityCode = '". $facode . "'";

    }

    $sql .= "')";

}
else {

    $facilitycode = mysql_real_escape_string($facilitycode);

    $sql = "SELECT ..." .
    "FROM ..." .
    "WHERE ..." .
    "AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";

}

$result = mysql_query($sql);

如果 $_GET 数据中只有一个元素,请像我对常规查询所做的那样执行 else 。

于 2012-09-26T22:34:44.703 回答
0

我最终使用了几个答案的组合。基本上我在“,”上爆炸了,然后做了一个foreach来添加'标记并调用escape_string,然后将它内爆回来。

$facilitycodes = $_GET["FacilityCode"];
if ($facilitycodes == '') {
  $additionalfilter = '';
}
else {
  $facilitycodearray = explode(",", $facilitycodes);
  foreach($facilitycodearray as &$facilitycode) {
    $facilitycode = "'" . mysql_real_escape_string($facilitycode) . "'";
  }
  $facilitycodesformatted = implode(",", $facilitycodearray);
  $additionalfilter = " AND Facility.FacilityCode IN (" . $facilitycodesformatted . ")";
}

$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
$additionalfilter;
于 2012-09-27T00:52:05.940 回答