问题描述
我有以下数组,我想将它们中的每一个都转换为单独的字符串.换句话说,将数组分解为单独的部分.
I have the following arrays and I would like to convert each one of them into individual strings. In other words, break the array into individual pieces.
$formatsArray = $_POST['formats'];
$topicsArray = $_POST['topics'];
这是因为我想在以下查询中包含单个字符串
This is because I would like to include the individual strings in the following query "
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format LIKE '%".$formats."%'";
$run_query = mysqli_query($con, $resources);
这是因为 format 需要一个单独的字符串进行比较,例如假设数组是 ["video", "blogs", "articles"],如果 format 是与 video,blogs,articles 相比,而不是视频,博客或文章.
This is because format expect an individual string for comparison, such as lets assume the array is ["video", "blogs", "articles"], it wouldn't work if format was to be compared with video,blogs,articles but rather video, blogs or articles.
我希望这很清楚,如有任何澄清,请提供建议.
I hope this is clear, and for any clarification, please advise.
一切顺利,
更新:
$formats = explode(',', $formatsArray);
$topics = explode(',', $topicsArray);
$resources = "select * from resources where
stage LIKE '%".$stage."%'
AND format LIKE '%".$formats."%' AND topic LIKE '%".$topics."%' ";
更新:
$run_query = mysqli_query($con, $resources);
while($row = mysqli_fetch_array($run_query)) {
$data[] = array(
'format' => $row['format'],
'title' => $row['title'],
'costs' => $row['cost'],
'stage' => $row['stage'],
'topic' => $row['topic'],
'link' => $row['link']
);
}
更新
include('db.php');
$query = 'select * from resources where ';
$query .= 'stage LIKE :stage and';
$execute[':stage'] = '%' . $stage . '%';
if(!empty($_POST['formats'])){
foreach($_POST['formats'] as $key => $format) {
$query .= 'format LIKE :format' . $key . ' and ';
$execute[':format' . $key] = '%' . trim($format) . '%';
}
}
if(!empty($_POST['topics'])){
foreach($_POST['topics'] as $key => $topic) {
$query .= 'topic LIKE :topic' . $key . ' and ';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
}
$query = rtrim($query, ' and ');
if(!empty($execute)) {
$stmt = $con->prepare($query);
$stmt->execute($execute);
} else {
echo 'You must search for something';
}
while($row = mysqli_fetch_array($query)) {
$data[] = array(
'format' => $row['format'],
'title' => $row['title'],
'costs' => $row['cost'],
'stage' => $row['stage'],
'topic' => $row['topic'],
'link' => $row['link']
);
}
推荐答案
我认为这样做可以.这也将通过使用准备好的语句来解决注入漏洞.
I think this would do it. This also will resolve the injection hole by using prepared statements.
$query = 'select * from resources where ';
if(!empty($_POST['formats'])){
foreach($_POST['formats'] as $key => $format) {
$query .= 'stage LIKE :stage' . $key . ' or ';
$execute[':stage' . $key] = '%' . trim($format) . '%';
}
}
if(!empty($_POST['topics'])){
foreach($_POST['topics'] as $key => $topic) {
$query .= 'topic LIKE :topic' . $key . ' or ';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
}
$query = rtrim($query, ' or ');
if(!empty($execute)) {
echo $query;
print_r($execute);
//$stmt = $mysqli->prepare($query);
//$stmt->execute($execute);
} else {
echo 'You must search for something';
}
给你一个查询
select * from resources where stage LIKE :stage0 or stage LIKE :stage1 or topic LIKE :topic0 or topic LIKE :topic1 or topic LIKE :topic2 or topic LIKE :topic3
select * from resources where stage LIKE :stage0 or stage LIKE :stage1 or topic LIKE :topic0 or topic LIKE :topic1 or topic LIKE :topic2 or topic LIKE :topic3
和绑定值:
Array
(
[:stage0] => %test%
[:stage1] => %test1%
[:topic0] => %value1%
[:topic1] => %value2%
[:topic2] => %value3%
[:topic3] => %value4%
)
这是我认为数据已配对时的初始代码..
Here's the initial code I had for when I thought the data was paired..
foreach($formats as $key => $format) {
$topic = $topics[$key];
$query .= '(stage LIKE :stage' . $key . ' and topic LIKE :topic' . $key . ') or ';
$execute[':stage' . $key] = '%' . trim($format) . '%';
$execute[':topic' . $key] = '%' . trim($topic) . '%';
}
关于准备好的语句的一些链接:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli-stmt.execute.php
A few links on prepared statements:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli-stmt.execute.php
这篇关于将数组转换为单独的字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!