如何在 php 中将字符串与 OR 运算符连接起来?
How to concatenate string with OR-operator in php?
我想根据 for 循环的输出构建查询。查询现在看起来像这样:
$result = $pdo->query("SELECT {$fields}, ST_AsGeoJSON(geom, 5) AS geojson FROM government_table WHERE '".$gov_where_statement."' {$order}");
并且 $gov_where_statement 来自 for 循环:
for ($i=0; $i<count($gov)-1; $i++){
$gov_where_statement .="government='".$gov[$i]."' "&&" ";
}
for ($i=0; $i<count($gov); $i++){
if( !next( $gov ) ) {
$gov_where_statement .="government='".$gov[$i]."'";
}
}
如果有三个政府,我希望将查询解释为:
$result = $pdo->query("SELECT {$fields}, ST_AsGeoJSON(geom, 5) AS geojson FROM government_table WHERE government='first' && government='second' && government='third' {$order}");
问题出现在 for 循环的第一部分“&&”。在 for 循环 returns 11government='third' 之后放置一个 var_dump($gov_where_statement) ,其中 11 来自带有 &&- 运算符的 for 循环。如果有四个政府,它将看起来像:111government='fourth'.
如何生成 government='first' && government='second' && government='third' 以便查询理解 &&-运算符?
可以用join()来解决:
$gov_where_statement = [];
for ($i=0; $i<count($gov)-1; $i++){
$gov_where_statement[] = "government='{$gov[i]}'";
}
$gov_where_statement = join(' OR ', $gov_where_statement);
请注意,您的整个代码可能易受 SQL Injection Attack. Consider using PDO prepared statements 影响。
我通常会使用预处理语句来防止SQL injection。所以我会单独构建一个占位符数组和替换值。此外,由于您希望针对单列和 N 个不同的值构建 OR 条件,我认为最好只使用 IN 语法:
<?php
// build a placeholder array [':gov1', ':gov2', ... ':govN']
$keys = array_map(function ($key) {
return ':gov' . $key;
}, range(1, sizeof($gov)));
// build a value array [':gov1' => $gov[0], ':gov2' => $gov[1], ... ':govN' => $gov[n-1]]
$values = array_combine($keys, $gov);
// form the SQL statement with placeholder for prepare
// i.e. WHERE government IN (:gov1, :gov2, ... :govN)
$where_clause = !empty($gov) ? 'WHERE government IN (' . implode($keys, ', ') . ')' : '';
// prepare the statement
$stmt = $dbh->prepare("SELECT {$fields}, ST_AsGeoJSON(geom, 5) AS geojson FROM government_table {$where_clause} {$order}");
// execute the prepared statement with the values
$result = $stmt->execute($values);
我想根据 for 循环的输出构建查询。查询现在看起来像这样:
$result = $pdo->query("SELECT {$fields}, ST_AsGeoJSON(geom, 5) AS geojson FROM government_table WHERE '".$gov_where_statement."' {$order}");
并且 $gov_where_statement 来自 for 循环:
for ($i=0; $i<count($gov)-1; $i++){
$gov_where_statement .="government='".$gov[$i]."' "&&" ";
}
for ($i=0; $i<count($gov); $i++){
if( !next( $gov ) ) {
$gov_where_statement .="government='".$gov[$i]."'";
}
}
如果有三个政府,我希望将查询解释为:
$result = $pdo->query("SELECT {$fields}, ST_AsGeoJSON(geom, 5) AS geojson FROM government_table WHERE government='first' && government='second' && government='third' {$order}");
问题出现在 for 循环的第一部分“&&”。在 for 循环 returns 11government='third' 之后放置一个 var_dump($gov_where_statement) ,其中 11 来自带有 &&- 运算符的 for 循环。如果有四个政府,它将看起来像:111government='fourth'.
如何生成 government='first' && government='second' && government='third' 以便查询理解 &&-运算符?
可以用join()来解决:
$gov_where_statement = [];
for ($i=0; $i<count($gov)-1; $i++){
$gov_where_statement[] = "government='{$gov[i]}'";
}
$gov_where_statement = join(' OR ', $gov_where_statement);
请注意,您的整个代码可能易受 SQL Injection Attack. Consider using PDO prepared statements 影响。
我通常会使用预处理语句来防止SQL injection。所以我会单独构建一个占位符数组和替换值。此外,由于您希望针对单列和 N 个不同的值构建 OR 条件,我认为最好只使用 IN 语法:
<?php
// build a placeholder array [':gov1', ':gov2', ... ':govN']
$keys = array_map(function ($key) {
return ':gov' . $key;
}, range(1, sizeof($gov)));
// build a value array [':gov1' => $gov[0], ':gov2' => $gov[1], ... ':govN' => $gov[n-1]]
$values = array_combine($keys, $gov);
// form the SQL statement with placeholder for prepare
// i.e. WHERE government IN (:gov1, :gov2, ... :govN)
$where_clause = !empty($gov) ? 'WHERE government IN (' . implode($keys, ', ') . ')' : '';
// prepare the statement
$stmt = $dbh->prepare("SELECT {$fields}, ST_AsGeoJSON(geom, 5) AS geojson FROM government_table {$where_clause} {$order}");
// execute the prepared statement with the values
$result = $stmt->execute($values);