如何在 php 中动态添加多个 WHERE 子句 [已关闭]

问题描述 投票:0回答:2

我有五个输入字段,即技能、地点、公司、经验和薪水。根据用户的要求,我将从数据库中获取值。我的问题是,如何动态使用where条件?考虑用户在技能和公司输入字段中输入值,我想从数据库中获取这些值,该怎么做?现在我保留了20个if条件来解决这个问题

public function get_jobonline($skillname,$userid,$location)
{
    $company=$this->input->post('searchcompany');
    $experience=$this->input->post('experience');
    $salary=$this->input->post('salary');
    echo $company;
    if($location==NULL)
    {
        $query=$this->db->query("SELECT j.id AS job_id, j.created_date,j.title, l.city AS location, cm.name AS company_name,
        cm.logo FROM  `jobs` AS j
        LEFT JOIN  `keyword` AS k ON  `k`.`job_id` =  `j`.`id` 
        LEFT JOIN  `keyword_master` AS km ON  `km`.`id` =  `k`.`keyword_id` 
        LEFT JOIN  `location_master` AS l ON  `l`.`id` =  `j`.`location` 
        LEFT JOIN  `company_master` AS cm ON  `cm`.`id` =  `j`.`company_id` 
        WHERE km.name = '$skillname' AND j.uid='$userid'
        ;");
    }
    else
    {
        $query=$this->db->query("SELECT j.id AS job_id, j.created_date,j.title, l.city AS location, cm.name AS company_name,
        cm.logo FROM  `jobs` AS j
        LEFT JOIN  `keyword` AS k ON  `k`.`job_id` =  `j`.`id` 
        LEFT JOIN  `keyword_master` AS km ON  `km`.`id` =  `k`.`keyword_id` 
        LEFT JOIN  `location_master` AS l ON  `l`.`id` =  `j`.`location` 
        LEFT JOIN  `company_master` AS cm ON  `cm`.`id` =  `j`.`company_id` 
        WHERE km.name = '$skillname' AND j.uid='$userid' AND l.city='$location'
        ;");
    }

    // if($company != NULL && )

    return $query->result_array();
}
php mysql codeigniter
2个回答
1
投票

如果我理解正确,你想根据用户输入动态更改你的查询。 为此,您应该将查询本身和查询的函数分开。

Ex 伪代码:

// Let's suppose it's your base query 
// (that meets the minimum field required to do the research).
$sql = "SELECT j.id AS job_id, j.created_date,j.title,... WHERE 
         km.name = '$skillname'";

// U add the condition skill if the user typed it
if(isset($_POST['skill'])
    $sql .= "AND j.skill = '$_POST['skill']'";

... (for every input filled u add condition to the query)

// WHEN all input u needed to add are tested
// Query the DB
$query = $this->db->query($sql);

你甚至可以通过创建一个包含所有输入名称字段的数组以便循环到它来做得更好。

1
投票

查询是字符串(几乎是,请继续阅读)。您可以通过字符串处理来创建它们。如果您查看此类软件生成的查询,您会发现他们经常阅读

 WHERE 1=1 AND name='value' and address = 'street' and job = 'driver'

等等。其中的 

WHERE 1=1
部分提示用于生成查询的代码的工作原理如下:

$q = "SELECT something JOIN something ON something...WHERE 1=1 ";
if (isset($val1))  $q .= " AND name= '$val1'";
if (isset($val2))  $q .= " AND street = '$val2'";
if (isset($val3))  $q .= " AND job = '$val3'";

if(!($result = db->query($q)) {
      /* error */
} else {
      /* process the resultset */
}


WHERE 1=1
是一种黑客手段,即使没有搜索条件,也能确保查询有效:即使 
if
语句都不为真。它有点难看,但是 SQL 可以理解它并且不会使查询花费更多时间。

如您所见,此策略会向您的查询添加可变数量的 AND 子句,具体取决于用户提供的查询参数。

这个例子只有一个问题。它不使用绑定变量,因此它对 SQL 注入开放。可以通过在一系列 

AND column=?
语句中构建一系列绑定变量以及一系列 
if
子句来解决这个问题。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.