替换多个值+在 SQL 查询中?
Posted
技术标签:
【中文标题】替换多个值+在 SQL 查询中?【英文标题】:replace multiple values+in SQL query? 【发布时间】:2010-12-27 22:52:08 【问题描述】:我想使用用户在字段中的输入来搜索数据。也就是说,如果用户输入 "D+t+y+g,k,j,h" 想要搜索具有字母 "d and t and y and g or k or j or h"。我尝试了 php str_replace 函数,但结果不喜欢。
//kw is text field...
if($kw != "")
//here we check for some data in field; if yes, continue below
//c is for ',' replaced in javascript
$kw1 = str_replace("c"," OR bcm.keywords LIKE '$kw%' ",$kw);
//p is for '+' replaced in JavaScript//'bcm' is table name.
$kw3 = str_replace("p"," AND bcm.keywords LIKE '$kw%' ",$kw1);
//for appending into main query string
$app.=$kw3;
//$app.=" AND bcm.keywords LIKE '$kw%'";
...但是对于输入 "D+t+y+g,k,j,h",查询结果如下:
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' g
OR bcm.keywords LIKE 'D
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' gckcjch%' k
OR bcm.keywords LIKE 'D
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' gckcjch%' j
OR bcm.keywords LIKE 'D
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' gckcjch%' h**
...当我想要/需要的是:
AND bcm.keywords LIKE 'D%'
AND bcm.keywords LIKE 't%'
AND bcm.keywords LIKE 'y%'
AND bcm.keywords LIKE 'g%'
OR bcm.keywords LIKE 'k%'
OR bcm.keywords LIKE 'j%'
OR bcm.keywords LIKE 'h%'
【问题讨论】:
你知道......阅读你的代码和你的问题太难了。我以not a real question 的身份关闭...
@Chacha:如果您可以投票关闭,那么您还应该有权编辑帖子以清理格式。更新 300 条帖子后,它甚至还有一个徽章 - Strunk & White。
如果其他人为他们修复它,他们永远不会知道 ;)
@Jani:如果您不提供降价链接,则不会:***.com/editing-help
@dev646: 什么数据库?可能同样复杂,但将过滤条件转换为正则表达式可能是一个更好的主意。
【参考方案1】:
javascript中的解决方案
var getSearchSql = function(kw)
if(kw != "")
var ors = kw.split(",");
var sql = "";
var sqlVariable = "bcm.keywords";
for(i = 0; i < ors.length; i++)
var ands = ors[i].split("+");
sql += (i == 0)? "(": " OR (";
for(j = 0; j < ands.length; j++)
sql += (j == 0)? "": " AND ";
sql += sqlVariable + " LIKE '%" + ands[j] + "%' "
sql += ")"
return sql;
产生以下结果(kw = "D+t+y+g,k,j,h" 时)
(bcm.keywords LIKE '%D%'
AND bcm.keywords LIKE '%t%'
AND bcm.keywords LIKE '%y%'
AND bcm.keywords LIKE '%g%')
OR (bcm.keywords LIKE '%k%')
OR (bcm.keywords LIKE '%j%')
OR (bcm.keywords LIKE '%h%')
【讨论】:
美女... thnx ...我经历了这种方式但无法继续...干得好!【参考方案2】:试试这个:
<?
$str = "D+t+y+g,k,j,h";
$comNext = 0;
for ($i = 0 ; $i < strlen($str);$i++)
if ($str[$i+1] == "+")
$andKey .= " AND bcm.keywords LIKE '".$str[$i]."%'";
else if ($str[$i+1] == "," || $str[$i+1] == "")
if ($comNext == 0)
$andKey .= " AND bcm.keywords LIKE '".$str[$i]."%'";
else
$orKey .= " OR bcm.keywords LIKE '".$str[$i]."%'";
$comNext = 1;
echo $andKey.$orKey;
?>
给我:
AND bcm.keywords LIKE 'D%' AND bcm.keywords LIKE 't%' AND bcm.keywords LIKE 'y%' AND bcm.keywords LIKE 'g%' OR bcm.keywords LIKE 'k%' OR bcm.keywords LIKE 'j%' OR bcm.keywords LIKE 'h%'
【讨论】:
做得很好...!而不是 '+ and ,' 如果我们给出 'p 和 c' 它也会采用这个并显示输出包括... 'AND bcm.keywords LIKE 'l%' AND bcm.keywords LIKE 'p%' AND bcm.keywords LIKE 'o%' OR bcm.keywords LIKE 'c%' 意思是不使用 + 和 , 作为分隔符。你想要,p 和 c 作为分隔符.. 它不能完成,因为字母是搜索的关键 确实......但这对我来说是一个新想法......美丽!【参考方案3】:下面的答案带有 cmets 供某人参考...谢谢亲爱的帮助...
var ors = kw.split(",");//SPLITS WHERE , IS PRESENT
var sql = "";//INITIALISE SQL VARIABLE,TO BE PASSED TO AJAX
var sqlVariable = " LOWER(bcm.keywords)";//CONVERTS TO LOWER CASE FOR CHECKING, FROM DB
for(i = 0; i < ors.length; i++)// INITIALISE ARRAY TO GIVE OR WHERE , IS PRESENT
// AND FOR FURTHER SPLITTING WHERE + IS PRESENT TILL ORS LENGTH ...
// IE: ORS. LENGTH WILL HAVE VALUE FOR AT LEAST SINGLE , IN STRING
var ands = ors[i].split("+");//SPLIT STRING WHERE + IS PRESENT
sql += (i == 0)? "(": " OR (";//REPLACE , WITH OR
for(j = 0; j < ands.length; j++)// SIMILAR STEPS TO ABOVE TO REPLACE + WITH AND
sql += (j == 0)? "": " AND ";
sql += sqlVariable + " LIKE '%" + ands[j] + "%' "
sql += ")"// THE FINAL SQL ,WITH ALL BRACKETS, IS PASSED TO AJAX FOR
APPENDING TO SOME QUERY STATEMENT.
:)
【讨论】:
也许最好将此 cmets 直接放在 @ecounysis 答案中(SO 是一个协作的地方),或者在他的答案末尾添加您的注释代码块。 (小写更好)谢谢!【参考方案4】:恕我直言,使用 javascript 编写 SQL 语句太疯狂了,您在应用程序中打开了广泛的安全漏洞!
如果您想在提交数据之前在客户端处理数据,最好使用 json 或任何其他格式,但请让 SQL 留给服务器端处理。
【讨论】:
以上是关于替换多个值+在 SQL 查询中?的主要内容,如果未能解决你的问题,请参考以下文章