php search help
following are my posted variables from search form:
$city = $_REQUEST['city'];
$location = $_REQUEST['location'];
$bedrooms = $_REQUEST['noofbedrooms'];
$addeddate = $_REQUEST['addeddate'];
$minprice = $_REQUEST['pricefrom'];
$maxprice = $_REQUEST['priceto'];
$minarea = $_REQUEST['areafrom'];
$maxarea = $_REQUEST['areato'];
$propertytype = $_REQUEST['proptype'];
so far so good. Now i need some good suggestions for the following scenario. Almost every element in my field are optional. That means i can get empty values in above variables.
What should be my scenario to create the mysql query for the above variables. On case can be that i use conditions for each and every scenario. eg
if($city=="")
$query="";
elseif($location=="")
$query="";
and so on....
i need some professional approach for thi开发者_C百科s.
If all the query parts are built in the same way: WHERE fieldname='fieldvalue'
, you could use a lazy, loop-based approach:
$conditions = array();
foreach (array("city", "location", "noofbedrooms") as $field)
// ^ add all fields as needed
{
// Check whether parameter was passed at all
if (!array_key_exists($field, $_POST)) continue;
// Check whether parameter is empty
if (!empty($_POST[$field]))
$conditions[]="`$field` = ".mysql_real_escape_string($_POST[$field]);
// ^ or whatever your database library
// does for escaping
}
$query = "SELECT * from table where ".implode(" AND ", $conditions);
$city = mysql_real_escape_string($_REQUEST['city']);
$location = mysql_real_escape_string($_REQUEST['location']);
$bedrooms = mysql_real_escape_string($_REQUEST['noofbedrooms']);
$addeddate = mysql_real_escape_string($_REQUEST['addeddate']);
$minprice = mysql_real_escape_string($_REQUEST['pricefrom']);
$maxprice = mysql_real_escape_string($_REQUEST['priceto']);
$minarea = mysql_real_escape_string($_REQUEST['areafrom']);
$maxarea = mysql_real_escape_string($_REQUEST['areato']);
$query = 'SELECT * FROM hotels WHERE 1 = 1 ';
$query .= strlen($city) ? ' AND city = "'.$city.'"' : '';
$query .= strlen($location) ? ' AND location = "'.$location.'"' : '';
$query .= strlen($bedrooms) ? ' AND bedrooms = "'.$bedrooms.'"' : '';
// ... do it for all params ...
echo $query;
you can do something like this
$where = array();
if(strcmp($_REQUEST['city'], "")){
$where[] = "SEARCH_COLUMN = '" . $_REQUEST['city'] . "'";
}
if(strcmp($_REQUEST['location'], "")){
$where[] = "SEARCH_COLUMN = '" . $_REQUEST['location'] . "'";
}
if(strcmp($_REQUEST['noofbedrooms'], "")){
$where[] = "SEARCH_COLUMN = '" . $_REQUEST['noofbedrooms'] . "'";
}
if(strcmp($_REQUEST['addeddate'], "")){
$where[] = "SEARCH_COLUMN = '" . $_REQUEST['addeddate'] . "'";
}
if(strcmp($_REQUEST['pricefrom'], "")){
$where[] = "SEARCH_COLUMN = '" . $_REQUEST['pricefrom'] . "'";
}
...... // check for all the fields
when create the SQL using
$SQL = implode(" OR ", $where);
after that you can use this on some SQL like
"SELECT * FROM WHERE {$SQL}";
well I answered above, I think as your fields are optional you dont need to go with SQL AND, some somtimes = is not that good as well, you can use LIKE for most cases like location, and price from can be a ">=" etc. please note.
Something like this should do:
$fields = array('city', 'location' /* ... */);
$conditions = array();
foreach ($fields as $field) {
if (!empty($_REQUEST[$field])) {
$conditions[] = 'column LIKE "%'.mysql_real_escape_string($_REQUEST[$field]).'%"';
}
}
$query = 'SELECT row FROM table WHERE '.implode(' OR ', $conditions);
You need to adjust this to suit your needs (OR
or AND
for example).
精彩评论