1. 首頁
  2. 問答
  3. 如何從這個變量中創建一個變量?

如何從這個變量中創建一個變量?

2014-02-25 98 views
-2

最佳,如何從這個變量中創建一個變量?

我布西製作一個網站,但有一點持有我.. 我必須做一個真正的長期搜索查詢,並且我有此PHP代碼:

if($_GET['genre']) { 
echo 'SELECT * FROM movies WHERE `genre1` = '; 
foreach($_GET['genre'] as $genre) 
{ 
$genres = array("Actie", "Animatie", "Avontuur", "Documentaire", "Drama", "Erotiek", "Familie", "Fantasy", "Film", "Horror", "Komedie", "Misdaad", "Muziek", "Mystery", "Oorlog", "Roadmovie", "Romantiek", "Sciencefiction", "Thriller", "Western"); 
if (!in_array($genre, $genres)) 
{ 
header('location: ?error=1'); 
} 
echo " '".$genre."' OR `genre2` = '".$genre."'"; if(end($_GET['genre']) !== $genre) 
{ 
echo ' OR `genre1` = '; 
} 
} 
echo " AND `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';"; 
} 
else 
{ 
echo "SELECT * FROM movies WHERE `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';"; 
}

在這樣的URL:

127.0.0.1/querygenerator.php?genre%5B3%5D=Avontuur&genre%5B4%5D=Documentaire&genre%5B6%5D=Erotiek&year1=1900&year2=2014

,並將其輸出是這樣的:

SELECT * FROM movies WHERE `genre1` = 'Avontuur' OR `genre2` = 'Avontuur' OR `genre1` = 'Documentaire' OR `genre2` = 'Documentaire' OR `genre1` = 'Erotiek' OR `genre2` = 'Erotiek' AND `year` > '1900' AND `year` < '2014';

所以,我的問題是,我怎樣才能讓一個PHP變量出這整個,所以我可以運行查詢? 我可以用file_get_contents來做到這一點,但這不是很安全,我猜..

謝謝! - 卡里姆

來源

2014-02-25 user3351731

+4

要傳輸數據庫查詢的請求URL的一部分?別!當然,不是像你一樣逃避請求參數。這是您打開的一英里寬的安全問題!閱讀「sql注入」和「準備好的語句」或至少「逃脫」。 – arkascha

+1

我不確定你想要什麼,但是你可以用'$ yourVar ='替換'echo'並將它放入一個變量中? – Nanne

+0

只是做一個POST並不明智,讓代碼運行在你想要搜索的東西后面?導致這種方式你的URL欄會混亂並且容易進行注射。 – Dorvalla

回答

0

正好連接爲一個字符串評價者比呼應:

if($_GET['genre']) { 
    $sql = 'SELECT * FROM movies WHERE `genre1` = '; 
    foreach($_GET['genre'] as $genre) { 
    $genres = array("Actie", "Animatie", "Avontuur", "Documentaire", "Drama", "Erotiek", "Familie", "Fantasy", "Film", "Horror", "Komedie", "Misdaad", "Muziek", "Mystery", "Oorlog", "Roadmovie", "Romantiek", "Sciencefiction", "Thriller", "Western"); 
    if (!in_array($genre, $genres)) { 
     header('location: ?error=1'); 
     die(); 
    } 
    $sql = $sql . " '".$genre."' OR `genre2` = '".$genre."'"; 
    if(end($_GET['genre']) !== $genre) { 
     $sql = $sql . ' OR `genre1` = '; 
    } 
    } 
    $sql = $sql . " AND `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';"; 
} else { 
    $sql = "SELECT * FROM movies WHERE `year` > '".$_GET['year1']."' AND `year` < '".$_GET['year2']."';"; 
} 

echo $sql;

來源

2014-02-25 14:44:58

+0

你是一個偉大的人:) – user3351731

相關問題

 相關問題