1. 首页
  2. 问答
  3. 将查询字符串传递给使用PHP的PDO sql查询

将查询字符串传递给使用PHP的PDO sql查询

2016-05-14 68 views
0

我正在根据不同的SQL查询制作返回JSON的自定义终端 - 查询是基于我从我的应用传递的多个查询字符串创建的。我所做的很简单,希望知道是否有更好的方法来达到与下面的结果相同的结果:将查询字符串传递给使用PHP的PDO sql查询

以下仅仅是所有IF/Else语句检查不同的一小部分查询字符串

if(isset($_GET['pt']) && !isset($_GET['c']) && !isset($_GET['sc']) && isset($_GET['size'])) { 

    $sql = "SELECT * 
    FROM product 
    INNER JOIN product_sizes 
    ON product.product_sku = product_sizes.affiliate_p_id 
    WHERE product_sizes.product_type IN (".$_GET['pt'].") 
    AND product_sizes.product_sizes IN (".$_GET['size'].") 
    GROUP BY product_sizes.affiliate_p_id 
    ORDER BY product.last_updated ASC 
    LIMIT 100"; 


} else { 

    $sql = "SELECT * 
    FROM product 
    INNER JOIN product_sizes 
    ON product.product_sku = product_sizes.affiliate_p_id 
    GROUP BY product_sizes.affiliate_p_id 
    ORDER BY product.last_updated ASC 
    LIMIT 100"; 

} 


$result = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC); 
$return = array(); 
foreach ($result as $row) { 
    $return[] = array( 
     'affiliate_p_id' => $row['affiliate_p_id'], 
     'affiliate_id' => $row['affiliate_id'], 
     'product_colours' => $row['product_colours'], 
     'product_sub_category' => $row['product_sub_category'], 
     'merchant_name' => $row['merchant_name'], 
     'product_type' => $row['product_type'], 
     'product_sizes' => $row['product_sizes'], 
     'product_name' => $row['product_name'], 
     'sale_price' => $row['sale_price'], 
     'rrp_price' => $row['rrp_price'], 
     'product_image' => $row['product_image'], 
     'product_slug' => $row['product_slug']   
    ); 
} 
$dbh = null;  

header('Content-type: application/json'); 
echo json_encode($return);

来源

2016-05-14 Dan Whiteside

+0

按照预期的代码已经在运行?你只想讨论是否有更好的方法来做到这一点? –

+0

是的!它看起来笨重,并会知道是否有更好的方法 –

+1

这种问题应该是典型的http://codereview.stackexchange.com/和某种方式offnoteic上SO –

回答

1

可以分解成更小的部分这样

$sql = 'SELECT * 
 
    FROM product 
 
    INNER JOIN product_sizes 
 
    ON product.product_sku = product_sizes.affiliate_p_id '; 
 
if(isset($_GET['pt']) && !isset($_GET['c']) && !isset($_GET['sc']) && isset($_GET['size'])) { 
 
$sql .= 
 
    " WHERE product_sizes.product_type IN :pt AND product_sizes.product_sizes IN = :size '; 
 
} 
 
$sql .= " GROUP BY product_sizes.affiliate_p_id 
 
    ORDER BY product.last_updated ASC 
 
    LIMIT 100"; 
 
$sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); 
 
if(isset($_GET['pt']) && !isset($_GET['c']) && !isset($_GET['sc']) && isset($_GET['size'])) { 
 
$sth->execute(array(':pt' => $_GET['pt'], ':size' => $_GET['size'])); 
 
} 
 
$result = $sth->fetchAll();

来源

2016-05-14 13:16:56

-1

您可以重构一下,以dinamically构建sql字符串。

// SQL start common to all queries 
$sql = "SELECT * 
     FROM product 
     INNER JOIN product_sizes 
     ON product.product_sku = product_sizes.affiliate_p_id"; 

// Append query depending on conditions 
if(isset($_GET['pt']) && !isset($_GET['c']) && !isset($_GET['sc']) && isset($_GET['size'])) { 
    $sql .= " WHERE product_sizes.product_type IN (".$_GET['pt'].") 
       AND product_sizes.product_sizes IN (".$_GET['size'].")"; 
} 

// SQL end common to all queries 
$sql .= " GROUP BY product_sizes.affiliate_p_id 
      ORDER BY product.last_updated ASC 
      LIMIT 100";

这样你就不会重复所有查询通用的SQL部分。

来源

2016-05-14 13:14:14 TheDrot

+0

哦,我真的很喜欢这个概念!我还会研究@Amit Ray关于SQL注入的说法 - 因为这个应用程序处于早期阶段,我只是想象一下,并确保它不会达到它的生命 –

+0

@DanWhiteside绝对需要修复sql注入。准备好的陈述是你最好的选择。 – TheDrot

相关问题

 相关问题