我认为这是一个非常简单的问题。这是我最好的选择还是有“正确”的方法来做到这一点?
<?php
$correctOrder = array("name", "address", "phone", "starttime", "endtime",
"status", "details");
$sql->sql1 = "SELECT * FROM `pickups` WHERE";
if (isset($_GET["name"])){
$sql->sql2 = "`name` LIKE '%" . $_GET['name'] . "%'";
}
if (isset($_GET["address"])){
if (!isset($_GET['name'])){
$q = "`address` LIKE '%" . $_GET['address'] . "%'";
} else {
$q = "AND `address` LIKE '%" . $_GET['address'] . "%'";
}
$sql->sql3 = $q;
}
...
...
echo implode(" ", (array) $sql);
?>
所以,现在:
?name=Jari%20Martikainen&address=some%20random%20street
和
?name=Jari%20Martikainen&address=some%20random%20street&blah=har
和
?address=some%20random%20street&blah=har&name=Jari%20Martikainen
都返回所需的相同结果,但这似乎不是一种非常有效的做事方式。
最佳答案
构建 AND 子句的数组 ($ands),但没有“AND”。
$ands = array();
if (...)
$ands[] = "name LIKE ...";
if (...)
$ands[] = "address LIKE ...";
...
然后构建查询:
$query = "SELECT ... WHERE " . implode(' AND ', $ands);
我发现这种模式简单、干净,并且避免了诸如 1=1 之类的困惑或删除了额外的 AND。
关于PHP MySQL GET 代码审查,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48238201/