示例:用户填写除产品名称之外的所有内容。
我需要搜索提供的内容,所以在这种情况下,除了productName=
之外的所有内容
此示例可以用于输入的任意组合。
有没有办法做到这一点?
谢谢。
$name = $_POST['n'];
$cat = $_POST['c'];
$price = $_POST['p'];
if( !($name) )
{
$name = some character to select all?
}
$sql = "SELECT * FROM products WHERE productCategory='$cat' and
productName='$name' and productPrice='$price' ";
编辑
解决方案不必防止攻击。具体来看它的动态部分。
类似
$where_array = array();
if( isset($_POST['n']) )$where_array[] = "productName = '{$_POST['n']}'";
if( isset($_POST['c']) )$where_array[] = "productCategory '{$_POST['c']}'";
if( isset($_POST['p']) )$where_array[] = "productPrice = '{$_POST['p']}'";
$where_stmt = implode( ' and ', $where_array );
if( $where_stmt )
{
$sql = "SELECT * FROM products WHERE $where_stmt ";
//run query
}