用於查詢表中所有記錄的字符串

Question

當我單獨拉動每個leadstatus（？leadstatus = New，？leadstatus = Hot等）時，它們都能正常工作，但在嘗試獲取All時，似乎無法獲得它工作。您可以看到，頁面上的默認值是New leads。

`$query = "SELECT * FROM contacts WHERE contacttype IN ('New','Buyer','Seller','Buyer/Seller','Investor') AND leadstatus = 'New' ORDER BY date DESC"; 

    if(isset($_GET['leadstatus']) && in_array($_GET['leadstatus'], array('New', 'Hot', 'Warm', 'Cold', 'Rejected', 'Closed'))) 
    {  
    $status = $_GET['leadstatus']; 
    $query = "SELECT * FROM contacts WHERE leadstatus = '".$status."' ORDER BY contacts.date DESC"; 
    }` 

這裏有一些我沒有運氣嘗試字符串：

?leadstatus=New&leadstatus=Hot&leadstatus=Warm&leadstatus=Rejected&leadstatus=Cold - Only pulls last listed, which is Cold 

?leadstatus[]=New&leadstatus=[]Hot&leadstatus[]=Warm&leadstatus[]=Rejected&leadstatus[]=Cold - Returns default, which is New 

?leadstatus=New&Hot&Warm&Rejected&Cold 

• 返回默認情況下，這是新

Answer 1

if(isset($_GET['leadstatus']) && $_GET['leadstatus'] == "all") { 
    $query = "SELECT * FROM contacts ORDER BY contacts.date DESC"; 
} else if (in_array($_GET['leadstatus'], array('New', 'Hot', 'Warm', 'Cold', 'Rejected', 'Closed'))) {  
    $status = $_GET['leadstatus']; 
    $query = "SELECT * FROM contacts WHERE leadstatus = '".$status."' ORDER BY contacts.date DESC"; 
} 

然後，使leadstatus =所有。

Answer 2

試試這個：

if(isset($_GET['leadstatus']) && in_array($_GET['leadstatus'], array('New', 'Hot', 'Warm', 'Cold', 'Rejected', 'Closed'))) 
{  
    $status = $_GET['leadstatus']; 
    if(!empty($status)) { 
    $query = "SELECT * FROM contacts WHERE leadstatus = '".$status."' ORDER BY contacts.date DESC"; 
    } else { 
    $query = "SELECT * FROM contacts ORDER BY contacts.date DESC"; 
    } 
}` 

不過，我也建議你使用參數化查詢？您可以在這裏查看SQL注入攻擊。

Answer 3

像這樣的東西應該匹配多個條件，允許你一次混合和匹配幾個，而不是1個或全部。

$status = join(',',$_GET['leadstatus']); 
$query = "SELECT * FROM contacts WHERE leadstatus IN($status) ORDER BY contacts.date DESC";