0

我正在尝试学习如何根据用户选择填充数据的表单字段动态生成 mysql 查询。为了使学习过程尽可能简单,我使用了一个简单的表单,其中包含用户名字和姓氏的字段。代码的基本(非动态)版本如下:

<html>
<head>

<title>Untitled</title>

</head>
<body>

<form method="post" name="test" action="dynamic_search.php">
<input type="text" name="first_name">
<input type="text" name="last_name">
<input type="submit" value="Submit">

</form>

<?php

$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];

include "link.php";

$query = "SELECT * FROM members " .
     "WHERE first_name = '$first_name' " .
     "AND last_name = '$last_name' ";

$result = mysql_query($query) 
or die(mysql_error());

$row = mysql_fetch_array($result);
$member_id = $row['member_id'];
$member_first_name = $row['first_name'];
$member_last_name = $row['last_name'];

echo $member_id;
echo $member_first_name;
echo $member_last_name;

?>
</body>
</html>

我需要做的是根据提交的数据生成查询。因此,如果用户只输入他们的名字,查询将显示为:

$query = "SELECT * FROM members " .
     "WHERE first_name = '$first_name' ";

但是,如果用户同时输入他们的名字和姓氏,则查询将显示为:

$query = "SELECT * FROM members " .
     "WHERE first_name = '$first_name' " .
     "AND last_name = '$last_name' ";

任何帮助(或者如果有人可以为我指出一个好的教程)将不胜感激!

谢谢!

4

3 回答 3

1

您可以使用 PHP 检查输入并在必要时附加到查询中。

$query = "SELECT * FROM members ";
$query .= "WHERE first_name = '$first_name' ";
if($last_name!="")
    $query .="AND last_name = '$last_name' ";

记得使用 real_escape_string 转义字符串

$first_name = mysql_real_escape_string($_POST['first_name']);

如果您想检查名字:

$query = "SELECT * FROM members ";
if($first_name!=""){
    $query .= "WHERE first_name = '$first_name' ";
    if($last_name!="")
        $query .="AND last_name = '$last_name' ";
}
else{
    if($last_name!="")
        $query .="WHERE last_name = '$last_name' ";
}
于 2013-06-27T02:01:07.677 回答
1

首先,不要mysql_*在新代码中使用函数。它们不再被维护并被正式弃用。看到红框了吗?改为了解准备好的语句,并使用PDOMySQLi -本文将帮助您决定使用哪个。如果您选择 PDO,这里有一个很好的教程。(信用

其次,注意始终避免包含在 SQL 语句中的用户输入。准备好的语句会自动为您处理这个问题。

话虽如此,您所追求的 PHP 逻辑是这样的:

<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

$first_name = $mysqli->real_escape_string($_POST['first_name']);
$last_name  = $mysqli->real_escape_string($_POST['last_name']);

$sql = "SELECT * FROM members WHERE 1";
if (! empty($first_name)) {
    $sql .= " AND first_name = '$first_name'";
}
if (! empty($last_name)) {
    $sql .= " AND last_name = '$last_name'";
}
于 2013-06-27T02:07:18.110 回答
0

So if you want to generate MySQL queries based on form entries you might look into this functional generator below:

Php Sql Query Builder

https://github.com/nilportugues/php-sql-query-builder

This allows you to take your form results and its field names(or ids) and code it into the query builder to generate your requested query!

One bit of advice is to make sure that your field names match your table column names. This will make your process more seamless.

For example. In your case (assuming that your columns names match your form names and your table is named "members"):

<?php
use NilPortugues\Sql\QueryBuilder\Builder\GenericBuilder;

$builder = new MySqlBuilder(); // <-- use MySqlBuilder

$query = $builder->select()
    ->setTable('members')
    ->setColumns(['first_name','last_name','email']); // <-- Form names
     
echo $builder->write($query);  
?>

This will output:

SELECT members.first_name, members.last_name, members.email FROM members

Wha la!

Did are many complex queries that you can generate on the developer's GitHub page.

于 2020-10-26T15:36:19.297 回答