if with isset for $GET_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-03 09:57 出处：网络

Here is the extract of PHP code that is working as expected. But I want to modify the sql query. The inner join b,c,d,e 开发者_如何学Goshould not be part of the query unless the respective first,seco

相关专题：php

Here is the extract of PHP code that is working as expected.

But I want to modify the sql query. The inner join b,c,d,e 开发者_如何学Goshould not be part of the query unless the respective first,second,third variables are set.

$word_first=$_GET["first"];
$word_second=$_GET["second"];
$word_third=$_GET["third"];
$word_forth=$_GET["forth"];
$word_fifth=$_GET["fifth"];
$word_sixth=$_GET["sixth"];
$word_seventh=$_GET["seventh"];
$word_eighth=$_GET["eighth"];


$query="select id, word from toprint as a
inner join syl as b on b.word_id = a.id and b.char_id = '1' AND b.mychar LIKE '%".$word_first. "%' 
inner join syl as c on c.word_id = a.id and c.char_id = '2' AND c.mychar LIKE '%".$word_second. "%' 
inner join syl as d on d.word_id = a.id and d.char_id = '3' AND d.mychar LIKE '%".$word_third. "%' 
inner join syl as e on e.word_id = a.id and e.char_id = '4' AND e.mychar LIKE '%".$word_forth. "%' 
inner join syl as f on f.word_id = a.id and f.char_id = '5' AND f.mychar LIKE '%".$word_fifth. "%' 
inner join syl as g on g.word_id = a.id and g.char_id = '6' AND g.mychar LIKE '%".$word_sixth. "%' 
inner join syl as h on h.word_id = a.id and h.char_id = '7' AND h.mychar LIKE '%".$word_seventh. "%'
inner join syl as i on i.word_id = a.id and i.char_id = '8' AND i.mychar LIKE '%".$word_eighth. "%'
limit 2000";

<?php

$word_fifth=mysql_real_escape_string($_GET["fifth"]);
$word_sixth=mysql_real_escape_string($_GET["sixth"]);
$word_seventh=mysql_real_escape_string($_GET["seventh"]);
$word_eighth=mysql_real_escape_string($_GET["eighth"]);


$query="select id, word from toprint as a";
if(isset($_GET["first"]))
{
$query.="inner join syl as b on b.word_id = a.id and b.char_id = '1' AND b.mychar      LIKE '%".mysql_real_escape_string($_GET["first"]). "%' ";
}
if(isset($_GET["second"]))
{
$query.="inner join syl as c on c.word_id = a.id and b.char_id = '1' AND c.mychar   LIKE '%".mysql_real_escape_string($_GET["second"]). "%' ";
}
if(isset($_GET["third"]))
{
$query.="inner join syl as d on b.word_id = a.id and d.char_id = '1' AND d.mychar   LIKE '%".mysql_real_escape_string($_GET["third"]). "%' ";
}
if(isset($_GET["forth"]))
{
$query.="inner join syl as e on e.word_id = a.id and d.char_id = '1' AND e.mychar LIKE '%".mysql_real_escape_string($_GET["forth"]). "%' ";
}



$query.="inner join syl as f on f.word_id = a.id and f.char_id = '5' AND f.mychar LIKE  '%".$word_fifth. "%' 
inner join syl as g on g.word_id = a.id and g.char_id = '6' AND g.mychar LIKE '%".$word_sixth. "%' 
inner join syl as h on h.word_id = a.id and h.char_id = '7' AND h.mychar LIKE   '%".$word_seventh. "%'
inner join syl as i on i.word_id = a.id and i.char_id = '8' AND i.mychar LIKE  '%".$word_eighth. "%'
limit 2000";

If you have control over the form, I suggest changing the fields to look like:

<input type="..." name="word[2]" />

Then in your PHP you can simply do:

foreach($_GET['word'] as $number => $value) {
    $table = 'syl' . intval($number);
    $query .= 'INNER JOIN syl AS ' . $table . ' ON a.id = ' . $table . '.id AND ' . $table . '.char_id = '. intval($number) . ' AND ' . $table . ".mychar LIKE '%" . mysql_real_escape_string($value) . "%'";
}

Besides being infinitely expandable, it's also a lot less code.

Whatever you do, don't forget to include mysql_real_escape_string, since without it you are allowing your visitor to inject any arbitrary SQL they want into your query.