5

我使用具有 6 个标准的 html 表单,$_POST在变量中使用 lat 的转换标准,如下所示:

案例 1 - 所有条件都是默认
$core = null; $mhz = null; $ram = null; $cam = null; $mAh = null $screen = null
的正确的 sql 查询是这样的:
$sql = "SELECT * FROM $tbl_name ORDER BY performanta_cpu_core DESC, performanta_cpu DESC, performanta_rami DESC LIMIT $start, $limit";

案例 2 - 仅设置一个条件
$core = null; $mhz = "performanta_cpu=1400"; $ram = null; $cam = null; $mAh = null $screen = null
正确查询是这样的:
$sql = "SELECT * FROM $tbl_name WHERE $mhzz ORDER BY performanta_cpu_core DESC, performanta_cpu DESC, performanta_rami DESC LIMIT $start, $limit";

案例 3 - 这是设置的所有或多个标准的问题:
$core = 2; $mhz = "performanta_cpu=1400"; $ram = "performanta_rami=1024"; $cam = "camera_spate=3.2"; $mAh = "baterie_mAh=2250"; $screen = "densitate=441";

我知道我需要在WHERE设置任何变量时使“”成为动态和可见的,并且我还需要一个“ AND”也动态地像:

$sql = "SELECT * FROM $tbl_name WHERE $core AND $mhzz ORDER BY performanta_cpu_core DESC, performanta_cpu DESC, performanta_rami DESC LIMIT $start, $limit";
我为此压力了一个星期,没有帮助我无法前进......

提前致谢

4

5 回答 5

2

免责声明:这是一个糟糕的代码,有上百万种更好的方法可以做到这一点,但是,这是最简单的解释。

$parameters = array();
if(!empty($core)){
$parameters['core'] = $core;
}
if(!empty($mhz)){
$parameters['mhz'] = $mhz;
}
if(!empty($ram)){
$parameters['ram'] = $ram;
}
if(!empty($cam)){
$parameters['cam'] = $cam;
}
if(!empty($mAh)){
$parameters['mAh'] = $mAh;
}
if(!empty($screen)){
$parameters['screen'] = $screen;
}

$sql = "SELECT * FROM $tbl_name WHERE 1=1 ";
foreach($parameters as $k=>$v){
 $sql .= " AND ".$k."='".$v."'";
}
$sql .=  " ORDER BY performanta_cpu_core DESC, performanta_cpu DESC, performanta_rami DESC LIMIT $start, $limit";

// All of those parameters should be sanitized to prevent SQL injection.
// mysql_* is deprecated, use mysqli_* or PDO.
于 2013-03-08T22:32:41.210 回答
2

格式精美的问题..做得好。

我很可能误解了这个问题,但是我认为您是在问如何动态构建查询。也许你不知道你连接字符串?

例如。

if ($core != null) {$query.= 'AND core ='.$core;}

我希望这能让你朝着正确的方向前进。

于 2013-03-08T22:33:31.080 回答
2

从查询的开头开始,为了使命令更容易构建,请添加“始终为真”的 WHERE 条件:

$sql = "SELECT * FROM $tbl_name WHERE 1=1";

然后检查您的变量并根据需要添加到 WHERE 条件(AND 之前的空格非常重要):

if ($core) $sql .= " AND performanta_cpu_core = '$core'";
if ($mhz) $sql .= " AND whatever = '$mhz'";
... and so on for the other four variables

然后附加您的 ORDER BY 和 LIMIT 就完成了(ORDER BY 之前的空格非常重要):

$sql .= " ORDER BY performanta_cpu_core DESC, performanta_cpu DESC, performanta_rami DESC LIMIT $start, $limit";

此外,正如 Mahmut 指出的那样,你不能拥有WHERE $mhz,你必须拥有WHERE your-column-name = $mhz

确保首先从 MySQL 命令行或 WorkBench 尝试查询。这将帮助您处理语法,包括哪些列需要单引号,哪些不需要。

这不是组装查询的理想方式,但它会起作用,而且看起来您刚刚开始使用 PHP/MySQL,因此无需一次性投入太多。

于 2013-03-08T22:41:10.430 回答
2 
$parameters = array();
if(!empty($core)){
    $parameters[] = "core = '$core'";
}
if(!empty($mhz)){
    $parameters[] = "mhz = '$mhz'";
}
if(!empty($ram)){
    $parameters[] = "ran = '$ram'";
}
if(!empty($cam)){
    $parameters[] = "cam = '$cam'";
}
if(!empty($mAh)){
    $parameters[] = "mAh = '$mAh'";
}
if(!empty($screen)){
    $parameters[] = "screen = $screen";
}

if (empty($parameters)) {
   $whereclause = "";
} else {
   $whereclause = "WHERE " . join(' AND ', $parameters);
}

$sql = "SELECT * FROM $tbl_name $whereclause ORDER BY performanta_cpu_core DESC, performanta_cpu DESC, performanta_rami DESC LIMIT $start, $limit";
于 2013-03-08T22:42:34.467 回答
2

您可以使用array_filterandimplode来构建您的where子句

$conditions = array_filter(array($core, $mhz, $ram, $cam, $mAh, $screen));
$clause = implode(' and ', $conditions);

这将所有非空元素保留为$conditions,然后将它们与and. 然后,您可以将其用作

'... where ' . $clause . '...'
于 2013-03-08T22:47:19.903 回答