I have 2 forms that both post to the same functions.php page.
One form has 2 input fields, namely vehicle type and pricing; the other form has 3 input fields: vehicle type, pricing and coverage region.
if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' ) {
// Query
}
else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' ) {
// Query
}
else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' && $_POST['coverageRegion'] == 'national' ) {
// Query
}
else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' && $_POST['coverageRegion'] == 'international' ) {
// Query
}
Now my statements above don't work. I'm new to PHP so please forgive my naivety, but I only want the first 2 queries to run from the home page, where only 2 variables are set, and the last 2 queries to run when the other form is filled in.
Is there a way to say: if the coverage region is not set, run the first 2?
I would do this:
// Seed with a condition that is always true so the WHERE clause is never empty
$where = array('1 = 1');
// Each field that the submitted form contains adds one condition; missing fields add nothing.
// mysql_real_escape_string() needs an open mysql_* connection, and the mysql extension
// was removed in PHP 7, so on current PHP use mysqli_real_escape_string() or PDO instead.
if(isset($_POST['vehicleType'])) {
    $where[] = "vehicleType = '" . mysql_real_escape_string($_POST['vehicleType']) . "'";
}
if(isset($_POST['pricing'])) {
    $where[] = "pricing = '" . mysql_real_escape_string($_POST['pricing']) . "'";
}
if(isset($_POST['coverageRegion'])) {
    $where[] = "coverageRegion = '" . mysql_real_escape_string($_POST['coverageRegion']) . "'";
}
// some more stuff
// Numeric columns: cast with intval() instead of quoting and escaping
// if(isset($_POST['integerColumn'])) {
//     $where[] = "integerColumn = " . intval($_POST['integerColumn']);
// }
// Optionally refuse to run when only the '1 = 1' seed is present
// if(count($where) == 1) {
//     die("You must specify at least one search criteria");
// }
// Join every condition that was set with AND
$query = 'SELECT * FROM table WHERE ' . implode(' AND ', $where);
// The two-field form never sends coverageRegion, so its absence tells the forms apart
if (!isset($_POST['coverageRegion']))
{
    // run first two
    if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' )
    {
        // Query
    }
    else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' )
    {
        // Query
    }
}
else
{
    // run other two
    if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'fixed' && $_POST['coverageRegion'] == 'national' )
    {
        // Query
    }
    else if ($_POST['vehicleType'] == 'lgv' && $_POST['pricing'] == 'pump' && $_POST['coverageRegion'] == 'international' )
    {
        // Query
    }
}
I would do this:
// Allowed values for each field; anything else posted is ignored
$vehicle_types = array( 'lgv', 'hgv', 'plg', );
$pricings = array( 'fixed', 'pump', );
$regions = array( 'national', 'international', );
// Values to bind to the placeholders, in order
$params = array();
// WHERE conditions on the table's columns, one placeholder each
$conditions = array();
$qry = 'SELECT column1, column2, column3 FROM tablename';
// Add vehicle type to query
if ( ( isset( $_POST['vehicleType'] ) )
    && ( in_array( $_POST['vehicleType'], $vehicle_types ) ) ) {
    $params[] = $_POST['vehicleType'];
    $conditions[] = 'vehicleType = ?';
}
// Add pricing to query
if ( ( isset( $_POST['pricing'] ) )
    && ( in_array( $_POST['pricing'], $pricings ) ) ) {
    $params[] = $_POST['pricing'];
    $conditions[] = 'pricing = ?';
}
// Add region to query
if ( ( isset( $_POST['coverageRegion'] ) )
    && ( in_array( $_POST['coverageRegion'], $regions ) ) ) {
    $params[] = $_POST['coverageRegion'];
    $conditions[] = 'region = ?';
}
// Only query when at least one valid criterion was posted
if ( count( $params ) ) {
    $qry .= ' WHERE ' . implode( ' AND ', $conditions );
    // Connect to database using PDO
    $db = new PDO( 'mysql:dbname=testdb;host=127.0.0.1', 'user', 'pass' );
    // Values are sent separately from the SQL text, so no escaping is needed
    $stmt = $db->prepare( $qry );
    $stmt->execute( $params );
    $result = $stmt->fetchAll();
    print_r( $result );
}
Benefits:
- no if/else spaghetti
- easy to add more options in the future
- no need for mysql_real_escape_string thanks to PDO prepared statements
- checks that only allowed values are accepted from $_POST
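The same allowlist-plus-placeholder approach as the PDO answer, folded into one table-driven function so both forms in the question are handled by one code path. This is an added example, not code from the question or any answer; the table name "vehicles", the SEARCH_FIELDS map and buildSearchQuery() are assumptions, and it needs PHP 7.1+ for the array destructuring.

```php
<?php
// Added example, not from the question or any answer above. Table name
// "vehicles" and the helper names are assumptions; field names come from the question.
declare(strict_types=1);

// Maps each form field to the column it filters and the values it may take.
// Column names come only from this map, so no form input ever reaches the SQL text.
const SEARCH_FIELDS = [
    'vehicleType'    => ['column' => 'vehicleType',    'allowed' => ['lgv', 'hgv', 'plg']],
    'pricing'        => ['column' => 'pricing',        'allowed' => ['fixed', 'pump']],
    'coverageRegion' => ['column' => 'coverageRegion', 'allowed' => ['national', 'international']],
];

/**
 * Builds [sql, params] from whichever fields the submitted form contains.
 * Unknown fields are ignored; a known field with a value outside its allowlist
 * is rejected rather than silently dropped, so a tampered form cannot widen the search.
 */
function buildSearchQuery(array $input): array
{
    $conditions = [];
    $params     = [];
    foreach (SEARCH_FIELDS as $field => $spec) {
        if (!array_key_exists($field, $input)) {
            continue; // the two-field form simply does not send coverageRegion
        }
        $value = $input[$field];
        // strict in_array: a non-string value (e.g. vehicleType[]=lgv) never matches
        if (!is_string($value) || !in_array($value, $spec['allowed'], true)) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $conditions[] = $spec['column'] . ' = ?';
        $params[]     = $value;
    }
    if ($conditions === []) {
        throw new InvalidArgumentException('At least one search criterion is required');
    }
    return ['SELECT * FROM vehicles WHERE ' . implode(' AND ', $conditions), $params];
}

// Constructed inputs standing in for $_POST from the two forms in the question.
[$sql, $params] = buildSearchQuery(['vehicleType' => 'lgv', 'pricing' => 'pump']);
assert($sql === 'SELECT * FROM vehicles WHERE vehicleType = ? AND pricing = ?');
assert($params === ['lgv', 'pump']);
[$sql, $params] = buildSearchQuery(['vehicleType' => 'lgv', 'pricing' => 'fixed', 'coverageRegion' => 'national']);
assert($params === ['lgv', 'fixed', 'national']);
```

Run the result exactly as the PDO answer does: `$stmt = $db->prepare($sql); $stmt->execute($params);`, with the catch for InvalidArgumentException turned into a 400 response rather than a query.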