当前位置: 文江博客 话题详情

简化 SQL 查询的 PHP 脚本

发布于 2024-12-07 00:53:53 字数 1862 浏览 0 评论 0 原文

我是一名自学成才的初学者程序员。最近我一直在编写一个 PHP 脚本来使用用户输入的关键字查询数据库。我想出的东西似乎比需要的要复杂得多,所以我想知道是否有一种方法可以简化我所写的内容。如果您有任何其他问题或需要更多代码,请告诉我。谢谢你!

    $types = array();
    if(!empty($_GET['location_id']) && isset($_GET['location_id'])) $types[] = "groups.location_id = " . str_replace(' ', '%', $_GET['location_id']) . " ";
    if(!empty($_GET['season_id']) && isset($_GET['season_id'])) $types[] = "seasons.season_id = " . str_replace(' ', '%', $_GET['season_id']) . " ";
    if(!empty($_GET['event']) && isset($_GET['event'])) $types[] = "(`event` LIKE '%" . str_replace(' ', '%', $_GET['event']) . "%' OR `note` LIKE '%" . str_replace(' ', '%', $_GET['event']) . "%') ";
    if(!empty($_GET['place']) && isset($_GET['place'])) $types[] = "`place` LIKE '%" . str_replace(' ', '%', $_GET['place']) . "%' ";
    if(!empty($_GET['city']) && isset($_GET['city'])) $types[] = "`city` LIKE '%" . str_replace(' ', '%', $_GET['city']) . "%' ";
    if(!empty($_GET['state_abbr']) && isset($_GET['state_abbr'])) $types[] = "`state_abbr` LIKE '%" . str_replace(' ', '%', $_GET['state_abbr']) . "%' ";
    if(!empty($_GET['weekday']) && isset($_GET['weekday'])) $types[] = "(`weekday` LIKE '%" . str_replace(' ', '%', $_GET['weekday']) . "%' OR `through_weekday` LIKE '%" . str_replace(' ', '%', $_GET['weekday']) . "%') ";
    if(!empty($_GET['month']) && isset($_GET['month'])) $types[] = "`month` LIKE '%" . str_replace(' ', '%', $_GET['month']) . "%' ";
    if(!empty($_GET['day']) && isset($_GET['day'])) $types[] = "(`day` LIKE '%" . str_replace(' ', '%', $_GET['day']) . "%' OR `through_day` LIKE '%" . str_replace(' ', '%', $_GET['day']) . "%') ";
    if(!empty($_GET['year']) && isset($_GET['year'])) $types[] = "`year` LIKE '%" . str_replace(' ', '%', $_GET['year']) . "%' ";
原文

I'm a self-taught, beginner programmer. Recently I've been working on a PHP script to query a database with user-entered keywords. What I've come up with seems much more complicated than it needs to be, so I was wondering if there was a way I could simplify what I wrote. Please let me know if you have any other questions or need any more code. Thank you!

    $types = array();
    if(!empty($_GET['location_id']) && isset($_GET['location_id'])) $types[] = "groups.location_id = " . str_replace(' ', '%', $_GET['location_id']) . " ";
    if(!empty($_GET['season_id']) && isset($_GET['season_id'])) $types[] = "seasons.season_id = " . str_replace(' ', '%', $_GET['season_id']) . " ";
    if(!empty($_GET['event']) && isset($_GET['event'])) $types[] = "(`event` LIKE '%" . str_replace(' ', '%', $_GET['event']) . "%' OR `note` LIKE '%" . str_replace(' ', '%', $_GET['event']) . "%') ";
    if(!empty($_GET['place']) && isset($_GET['place'])) $types[] = "`place` LIKE '%" . str_replace(' ', '%', $_GET['place']) . "%' ";
    if(!empty($_GET['city']) && isset($_GET['city'])) $types[] = "`city` LIKE '%" . str_replace(' ', '%', $_GET['city']) . "%' ";
    if(!empty($_GET['state_abbr']) && isset($_GET['state_abbr'])) $types[] = "`state_abbr` LIKE '%" . str_replace(' ', '%', $_GET['state_abbr']) . "%' ";
    if(!empty($_GET['weekday']) && isset($_GET['weekday'])) $types[] = "(`weekday` LIKE '%" . str_replace(' ', '%', $_GET['weekday']) . "%' OR `through_weekday` LIKE '%" . str_replace(' ', '%', $_GET['weekday']) . "%') ";
    if(!empty($_GET['month']) && isset($_GET['month'])) $types[] = "`month` LIKE '%" . str_replace(' ', '%', $_GET['month']) . "%' ";
    if(!empty($_GET['day']) && isset($_GET['day'])) $types[] = "(`day` LIKE '%" . str_replace(' ', '%', $_GET['day']) . "%' OR `through_day` LIKE '%" . str_replace(' ', '%', $_GET['day']) . "%') ";
    if(!empty($_GET['year']) && isset($_GET['year'])) $types[] = "`year` LIKE '%" . str_replace(' ', '%', $_GET['year']) . "%' ";

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

哭了丶谁疼 2024-12-14 00:53:53

由于您的 WHERE 条件如此不同,因此无法减少代码中的行数,但每行可能会稍微短一些。您还想通过 mysql_real_escape_string() 传递提交的变量以防止SQL注入攻击。

您可以在循环中准备所有变量,这样您就不必在每一行上运行 mysql_real_escapestr_replace

foreach ($_GET as $key => $val) {
  $_GET[$key] = mysql_real_escape_string(str_replace(' ', '%', $val));
}

我认为对 isset 的调用() 有点多余,因此在运行每行上方的循环后可能看起来像这样:

if (!empty($_GET['year'])) 
  $types[] = "`year` LIKE '%" . $_GET['year'] . "%' ";

Because your WHERE conditions are so different there wouldn't be any way of reducing the number of lines in the code but each line could be slightly shorter. Also you want to pass the submitted variables through mysql_real_escape_string() to prevent SQL injection attacks.

You can prepare all of your variables in a loop so you don't have to run through mysql_real_escape and str_replace on each line:

foreach ($_GET as $key => $val) {
  $_GET[$key] = mysql_real_escape_string(str_replace(' ', '%', $val));
}

and I think the call to isset() is slightly redundant so after you've run the loop above each line could look something like this:

if (!empty($_GET['year'])) 
  $types[] = "`year` LIKE '%" . $_GET['year'] . "%' ";
回复 原文
身边 2024-12-14 00:53:53

只是一个想法..它可能会使代码更清晰,并且编写sql变得非常容易。

将此代码用于测试目的:

 $_GET['event']='jut for test';
 $_GET['place']='jut for test'; 
 $_GET['city']='jut for test'; 
 $_GET['state_abbr']='jut for test'; 
 $_GET['weekday']='jut for test'; 
 $_GET['month']='jut for test'; 
 $_GET['day']='jut for test';  
 $_GET['year']='jut for test';

然后在其下方,放置实际代码:

$queryTmplArr=Array("(`@field` LIKE '%@value%' OR `note` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ","`@field` LIKE '%@value%' ","`@field` LIKE '%@value%' ",
"(`@field` LIKE '%@value%' OR `through_weekday` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ","(`@field` LIKE '%@value%' OR `through_day` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ");

$i=0;
foreach($_GET as $key =>$rawData)
{
     $cleanData= mysql_real_escape_string( str_replace(' ', '%', $rawData) ) ;   
     $queryTmplArr[$i]=str_replace('@value', $cleanData, $queryTmplArr[$i]);
     $queryTmplArr[$i]=str_replace('@field', $key, $queryTmplArr[$i]);
     $i++;
}

再次用于测试目的:

echo '<pre>';
print_r($queryTmplArr );

这将输出此内容:

Array
(
    [0] => (`event` LIKE '%jut%for%test%' OR `note` LIKE '%jut%for%test%') 
    [1] => `place` LIKE '%jut%for%test%' 
    [2] => `city` LIKE '%jut%for%test%' 
    [3] => `state_abbr` LIKE '%jut%for%test%' 
    [4] => (`weekday` LIKE '%jut%for%test%' OR `through_weekday` LIKE '%jut%for%test%') 
    [5] => `month` LIKE '%jut%for%test%' 
    [6] => (`day` LIKE '%jut%for%test%' OR `through_day` LIKE '%jut%for%test%') 
    [7] => `year` LIKE '%jut%for%test%' 
)

这样可以吗?

Just an idea.. It might make the code more clear and the sql writing a very easy job.

Put this code for testing purposes:

 $_GET['event']='jut for test';
 $_GET['place']='jut for test'; 
 $_GET['city']='jut for test'; 
 $_GET['state_abbr']='jut for test'; 
 $_GET['weekday']='jut for test'; 
 $_GET['month']='jut for test'; 
 $_GET['day']='jut for test';  
 $_GET['year']='jut for test';

Then below that, put the actual code: 

$queryTmplArr=Array("(`@field` LIKE '%@value%' OR `note` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ","`@field` LIKE '%@value%' ","`@field` LIKE '%@value%' ",
"(`@field` LIKE '%@value%' OR `through_weekday` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ","(`@field` LIKE '%@value%' OR `through_day` LIKE '%@value%') ",
"`@field` LIKE '%@value%' ");

$i=0;
foreach($_GET as $key =>$rawData)
{
     $cleanData= mysql_real_escape_string( str_replace(' ', '%', $rawData) ) ;   
     $queryTmplArr[$i]=str_replace('@value', $cleanData, $queryTmplArr[$i]);
     $queryTmplArr[$i]=str_replace('@field', $key, $queryTmplArr[$i]);
     $i++;
}

And for testing purpose again:

echo '<pre>';
print_r($queryTmplArr );

This will output this:

Array
(
    [0] => (`event` LIKE '%jut%for%test%' OR `note` LIKE '%jut%for%test%') 
    [1] => `place` LIKE '%jut%for%test%' 
    [2] => `city` LIKE '%jut%for%test%' 
    [3] => `state_abbr` LIKE '%jut%for%test%' 
    [4] => (`weekday` LIKE '%jut%for%test%' OR `through_weekday` LIKE '%jut%for%test%') 
    [5] => `month` LIKE '%jut%for%test%' 
    [6] => (`day` LIKE '%jut%for%test%' OR `through_day` LIKE '%jut%for%test%') 
    [7] => `year` LIKE '%jut%for%test%' 
)

Is this okay?

回复 原文
~没有更多了~

关于作者

南笙

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文