将数组转换为单独的字符串

2021-12-25 00:00:00 arrays php mysql mysqli

我有以下数组,我想将它们中的每一个都转换为单独的字符串.换句话说,将数组分解为单独的部分.

I have the following arrays and I would like to convert each one of them into individual strings. In other words, break the array into individual pieces.

  $formatsArray = $_POST['formats'];
      $topicsArray = $_POST['topics'];

这是因为我想在以下查询中包含单个字符串

This is because I would like to include the individual strings in the following query "

  $resources = "select * from resources where
                    stage LIKE '%".$stage."%'
                    AND format LIKE '%".$formats."%'";


      $run_query = mysqli_query($con, $resources);

这是因为 format 需要一个单独的字符串进行比较,例如假设数组是 ["video", "blogs", "articles"],如果 format 是与 video,blogs,articles 相比,而不是视频,博客或文章.

This is because format expect an individual string for comparison, such as lets assume the array is ["video", "blogs", "articles"], it wouldn't work if format was to be compared with video,blogs,articles but rather video, blogs or articles.

我希望这很清楚,如有任何澄清,请提供建议.

I hope this is clear, and for any clarification, please advise.

一切顺利,

更新:

$formats = explode(',', $formatsArray);
      $topics = explode(',', $topicsArray);


      $resources = "select * from resources where
                    stage LIKE '%".$stage."%'
                    AND format LIKE '%".$formats."%' AND topic LIKE '%".$topics."%' ";

更新:

$run_query = mysqli_query($con, $resources);


  while($row = mysqli_fetch_array($run_query)) {

    $data[] = array(
      'format' => $row['format'],
      'title' => $row['title'],
      'costs' => $row['cost'],
      'stage' => $row['stage'],
      'topic' => $row['topic'],
      'link' => $row['link']
    );
  }

更新

  include('db.php');


  $query = 'select * from resources where ';
  $query .= 'stage LIKE :stage and';
  $execute[':stage'] = '%' . $stage . '%';
  if(!empty($_POST['formats'])){
  foreach($_POST['formats'] as $key => $format) {
      $query .= 'format LIKE :format' . $key . ' and ';
      $execute[':format' . $key] = '%' . trim($format) . '%';
  }
  }
  if(!empty($_POST['topics'])){
  foreach($_POST['topics'] as $key => $topic) {
      $query .= 'topic LIKE :topic' . $key . ' and ';
      $execute[':topic' . $key] = '%' . trim($topic)  . '%';
  }
  }
  $query = rtrim($query, ' and ');
  if(!empty($execute)) {
      $stmt = $con->prepare($query);
      $stmt->execute($execute);
  } else {
      echo 'You must search for something';
  }


      while($row = mysqli_fetch_array($query)) {

        $data[] = array(
          'format' => $row['format'],
          'title' => $row['title'],
          'costs' => $row['cost'],
          'stage' => $row['stage'],
          'topic' => $row['topic'],
          'link' => $row['link']
        );
      }

推荐答案

我认为这样做可以.这也将通过使用准备好的语句来解决注入漏洞.

I think this would do it. This also will resolve the injection hole by using prepared statements.

$query = 'select * from resources where ';
if(!empty($_POST['formats'])){ 
foreach($_POST['formats'] as $key => $format) {
    $query .= 'stage LIKE :stage' . $key . ' or ';
    $execute[':stage' . $key] = '%' . trim($format) . '%';
}
}
if(!empty($_POST['topics'])){
foreach($_POST['topics'] as $key => $topic) {
    $query .= 'topic LIKE :topic' . $key . ' or ';
    $execute[':topic' . $key] = '%' . trim($topic)  . '%';
}
}
$query = rtrim($query, ' or ');
if(!empty($execute)) {
    echo $query;
    print_r($execute);
    //$stmt = $mysqli->prepare($query);
    //$stmt->execute($execute);
} else {
    echo 'You must search for something';
}

给你一个查询

select * from resources where stage LIKE :stage0 or stage LIKE :stage1 or topic LIKE :topic0 or topic LIKE :topic1 or topic LIKE :topic2 or topic LIKE :topic3

select * from resources where stage LIKE :stage0 or stage LIKE :stage1 or topic LIKE :topic0 or topic LIKE :topic1 or topic LIKE :topic2 or topic LIKE :topic3

和绑定值:

Array
(
    [:stage0] => %test%
    [:stage1] => %test1%
    [:topic0] => %value1%
    [:topic1] => %value2%
    [:topic2] => %value3%
    [:topic3] => %value4%
)

这是我认为数据已配对时的初始代码..

Here's the initial code I had for when I thought the data was paired..

foreach($formats as $key => $format) {
    $topic = $topics[$key];
    $query .= '(stage LIKE :stage' . $key . ' and topic LIKE :topic' . $key . ') or ';
    $execute[':stage' . $key] = '%' . trim($format) . '%';
    $execute[':topic' . $key] = '%' . trim($topic)  . '%';
}

关于准备好的语句的一些链接:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli-stmt.execute.php

A few links on prepared statements:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/mysqli.prepare.php
http://php.net/manual/en/mysqli-stmt.execute.php

相关文章