2013-07-08 75 views
-2

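Creating an SQL query using PHP

I ran into this problem and I am trying to come up with the best and most efficient solution. I have a PHP website with 19 different inputs; they are all optional, and I use the GET method. With these inputs, I have to find the matching information in the database and return it. The problem I am having is creating a query that works.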

$query = "SELECT * FROM TEST.table"; 
if(($_GET['Transmission_Line_Designation'] ==="") && ($_GET['Switch_Number'] === "") && ($_GET['Telecom_Circuit_Number'] === "") 
    && ($_GET['Transmitter_Frequency'] === "") && ($_GET['Receiver_Frequency'] === "") && ($_GET['power_level'] === "") 
    && ($_GET['Phase'] === "") && ($_GET['Modulate'] === "") && ($_GET['trap_type'] === "") && ($_GET['line_tuner_type'] === "")) 
    //checks if there were no input, if there werent any, display all columns and rows from the data base 
{ 

} 
    else 
{ 

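This is the problem I am having: if the user fills in the first input, it works; however, if the user leaves the first input blank, the query that comes out is "where and" something. I am thinking about using a lot of if loops to check the conditions and add a flag, but I am sure there is an easier way to accomplish it.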

 $query.= " where "; 
     $query .= ($_GET['Transmission_Line_Designation'] === "") ? '' : 'Line_Designation = "'.$_GET['Transmission_Line_Designation'].'"'; 
     $query .= ($_GET['Switch_Number'] === "") ? '' : ' and Switch_Number = "'.$_GET['Switch_Number'].'"'; 
     $query .= ($_GET['Telecom_Circuit_Number'] === "") ? '' : ' and Telecom_Circuit_Number = "'.$_GET['Telecom_Circuit_Number'].'"'; 
     $query .= ($_GET['Transmitter_Frequency'] === "") ? '' : ' and Transmitter_Frequency = "'.$_GET['Transmitter_Frequency'].'"'; 
     $query .= ($_GET['Receiver_Frequency'] === "") ? '' : ' and Receiver_Frequency = "'.$_GET['Receiver_Frequency'].'"'; 
     $query .= ($_GET['power_level'] === "") ? '' : ' and power = "'.$_GET['power_level'].'"'; 
     $query .= ($_GET['Voltage'] === "") ? '' : ' and voltage = "'.$_GET['Voltage'].'"'; 
     $query .= ($_GET['Phase'] === "") ? '' : ' and Phase= "'.$_GET['Phase'].'"'; 
     $query .= ($_GET['Modulate'] === "") ? '' : ' and Modulate = "'.$_GET['Modulate'].'"'; 
     $query .= ($_GET['trap_type'] === "") ? '' : ' and trap = "'.$_GET['trap_type'].'"'; 
     $query .= ($_GET['line_tuner_type'] === "") ? '' : ' and ltunner = "'.$_GET['line_tuner_type'].'"';
     echo $query; 
} 

Thanks in advance for your help, I really appreciate it.

+0

In the future you might consider using prepared statements for your SQL. Being the victim of SQL injection is never fun. – CountMurphy

Answers

2

First throw in a dummy boolean expression so that all the other conditions can start with "AND". Like this:

 $query.= " where 1=1 "; 
     $query .= ($_GET['Transmission_Line_Designation'] === "") ? '' : 'AND Line_Designation = "'.$_GET['Transmission_Line_Designation'].'"'; 
     $query .= ($_GET['Switch_Number'] === "") ? '' : ' and Switch_Number = "'.$_GET['Switch_Number'].'"'; 
     $query .= ($_GET['Telecom_Circuit_Number'] === "") ? '' : ' and Telecom_Circuit_Number = "'.$_GET['Telecom_Circuit_Number'].'"'; 
     $query .= ($_GET['Transmitter_Frequency'] === "") ? '' : ' and Transmitter_Frequency = "'.$_GET['Transmitter_Frequency'].'"'; 
     $query .= ($_GET['Receiver_Frequency'] === "") ? '' : ' and Receiver_Frequency = "'.$_GET['Receiver_Frequency'].'"'; 
     $query .= ($_GET['power_level'] === "") ? '' : ' and power = "'.$_GET['power_level'].'"'; 
     $query .= ($_GET['Voltage'] === "") ? '' : ' and voltage = "'.$_GET['Voltage'].'"'; 
     $query .= ($_GET['Phase'] === "") ? '' : ' and Phase= "'.$_GET['Phase'].'"'; 
     $query .= ($_GET['Modulate'] === "") ? '' : ' and Modulate = "'.$_GET['Modulate'].'"'; 
     $query .= ($_GET['trap_type'] === "") ? '' : ' and trap = "'.$_GET['trap_type'].'"'; 
     $query .= ($_GET['line_tuner_type'] === "") ? '' : ' and ltunner = "'.$_GET['line_tuner_type'].'"';
     echo $query; 
} 
+0

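Thank you so much. I was stuck on this problem for a day and I don't think I would have come up with this; I still have so much to learn. Thank you again. – user2562224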

1

What is the problem? And a loop? I am 100% sure it would be easier to maintain than this code....

Try:

foreach($_GET as $key=>$value){
    if($value !== ''){
        switch($key){
            case "Modulate":
                dosomething();
                break;
        }
    }
}

It will be much easier to maintain.

0

Try the following, with some checks added.

<?php

$sql = "SELECT * FROM table";
$conditions = array();

foreach ($_GET as $key => $value) {
    if ($value) { // check if $value not empty
        $conditions[] = $key . " = '" . $value . "'";
    }
}

if ($conditions) { // add WHERE only when at least one input was given
    // join the conditions with AND (a comma is not valid between WHERE conditions)
    $sql .= " WHERE " . implode(" AND ", $conditions);
}

echo $sql;

?>
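
The prepared-statement approach that CountMurphy's comment points to, as an added example that is not part of the original posts: GET parameter names are mapped to column names through a fixed allowlist (the mapping is taken from the question's code) and the values are bound as parameters instead of being concatenated. The function name `buildSearchQuery`, the sample input and the `$pdo` connection are assumptions.

```php
<?php
// Added example. Allowlist: GET parameter name => column name, taken from the
// question's code. Only these column names can ever reach the SQL text.
const FILTER_COLUMNS = [
    'Transmission_Line_Designation' => 'Line_Designation',
    'Switch_Number'                 => 'Switch_Number',
    'Telecom_Circuit_Number'        => 'Telecom_Circuit_Number',
    'Transmitter_Frequency'         => 'Transmitter_Frequency',
    'Receiver_Frequency'            => 'Receiver_Frequency',
    'power_level'                   => 'power',
    'Voltage'                       => 'voltage',
    'Phase'                         => 'Phase',
    'Modulate'                      => 'Modulate',
    'trap_type'                     => 'trap',
    'line_tuner_type'               => 'ltunner',
];

/** Returns [sql, params]; user values are bound, never concatenated. */
function buildSearchQuery(array $input): array
{
    $where  = [];
    $params = [];
    foreach (FILTER_COLUMNS as $field => $column) {
        $value = $input[$field] ?? '';
        // Skip missing, empty and non-string (e.g. ?Phase[]=x) inputs.
        if (!is_string($value) || $value === '') {
            continue;
        }
        $where[]  = "$column = ?";
        $params[] = $value;
    }
    $sql = 'SELECT * FROM TEST.table';
    if ($where) { // no filters given: return every row, no dangling WHERE
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Constructed sample input standing in for $_GET; unknown keys are ignored.
$sample = ['Switch_Number' => '42', 'Phase' => 'A" OR "1"="1', 'Voltage' => '', 'x' => 'y'];
[$sql, $params] = buildSearchQuery($sample);
echo $sql, PHP_EOL;
print_r($params);

// With a PDO connection ($pdo is assumed to exist):
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
// $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

The quote characters in the sample `Phase` value stay inside the bound parameter, so they are compared as data and cannot change the structure of the query.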