>我有 7 个搜索参数,尽管下面的代码只显示两个,标题和类型。
我们希望让用户能够按 7 个参数中的任何一个进行搜索。
他们还应该能够按多个参数进行搜索。
如何调整下面的代码以使用动态$where子句?
例如,用户可以选择 type='some value' 的位置。
用户还应该能够选择type='some value'和title='some value'的位置。
提前谢谢你。
function ms_escape_string($data) {
if ( !isset($data) or empty($data) ) return '';
if ( is_numeric($data) ) return $data;
$non_displayables = array(
'/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
'/%1[0-9a-f]/', // url encoded 16-31
'/[x00-x08]/', // 00-08
'/x0b/', // 11
'/x0c/', // 12
'/[x0e-x1f]/' // 14-31
);
foreach ( $non_displayables as $regex )
$data = preg_replace( $regex, '', $data );
$data = str_replace("'", "''", $data );
return $data;
}
$strprojectTitle = null;
$strbidType = null;
if(isset($_POST["projectTitle"]))
{
$strprojectTitle = $_POST["projectTitle"];
}
if(isset($_POST["BidType"]))
{
$strbidType = $_POST["BidType"];
}
?>
<?php
$sql = "Select b.ID,convert(char(10),b.BidDate,101) BidDate,convert(char(10),
b.DueDate,101)DueDate,b.BidTitle,b.DueTime,b.BidID,BidIDFile,
d.Department,b.BidType,CASE WHEN b.AwardDate ='01/01/1900' Then NULL ELSe convert(char(10),b.AwardDate,101)END AS AwardDate,
convert(char(10),b.LastUpdate,101) LastUpdate,s.Status
FROM bids b inner join dept d on b.Department=d.DeptID inner join Status s on b.BidStatus=s.StatusId WHERE b.BidTitle = ' . ms_escape_string($strprojectTitle) . ' OR b.BidType = ' . ms_escape_string($strbidType) . ' ";
/****最新尝试
$fields = array(
'projectTitle' => 'b.BidTitle',
'BidType' => 'b.BidType'
);
$where = array();
foreach($fields as $fieldPost => $fieldDb) {
if(isset($_POST[$fieldPost]) && strlen($_POST[$fieldPost]) > 0) {
$where[] = "`$fieldDb` = '$_POST[$fieldPost]'";
}
}
$sql = "Select b.ID,convert(char(10),b.BidDate,101) BidDate,convert(char(10),
b.DueDate,101)DueDate,b.BidTitle,b.DueTime,b.BidID,BidIDFile,
d.Department,b.BidType,CASE WHEN b.AwardDate ='01/01/1900' Then NULL ELSe convert(char(10),b.AwardDate,101)END AS AwardDate,
convert(char(10),b.LastUpdate,101) LastUpdate,s.Status
FROM bids b inner join dept d on b.Department=d.DeptID inner join Status s on b.BidStatus=s.StatusId
" . ( count($where) > 0 ? " WHERE " . implode(' AND ', $where) : "" );
在代码中删除此部分:
$strprojectTitle = null;
$strbidType = null;
if(isset($_POST["projectTitle"]))
{
$strprojectTitle = $_POST["projectTitle"];
}
if(isset($_POST["BidType"]))
{
$strbidType = $_POST["BidType"];
}
并将其替换为下面的一个,它提供了一种动态的方式来构建 WHERE 条件:
## easily add here the fields you have
$fields = array(
'projectTitle' => 'b.BidTitle',
'BidType' => 'b.BidType'
);
$where = array();
foreach($fields as $fieldPost => $fieldDb) {
if(isset($_POST[$fieldPost]) && strlen($_POST[$fieldPost]) > 0) {
$where[] = "`$fieldDb` = '" . ms_escape_string($_POST[$fieldPost]) . "'";
}
}
## Use the $where array in your final SQL query
## important to test if count($where) > 0 in case no search has been made
$sql = "SELECT ..... " . ( count($where) > 0 ? " WHERE " . implode(' AND ', $where) : "" );
通过支持多种搜索类型(例如搜索比较器:LIKE %.)来构建 WHERE 字符串的更高级示例。% 和 =)
## support multiple search comparators
$fields = array(
'projectTitle' => array('field' => 'b.BidTitle', 'searchType' => 'like'),
'BidType' => array('field' => 'b.BidType', 'searchType' => 'equal')
);
$where = array();
foreach($fields as $fieldPost => $field) {
if(isset($_POST[$fieldPost]) && strlen($_POST[$fieldPost]) > 0) {
if($field['searchType'] == 'like') {
$where[] = "`".$field['field']."` LIKE '%" . ms_escape_string($_POST[$fieldPost]) . "%'";
} else {
$where[] = "`".$field['field']."` = '" . ms_escape_string($_POST[$fieldPost]) . "'";
}
}
}