什麼是使用PHP下面的輸入轉換爲SQL的最佳方式?轉換自定義查詢到SQL
+a - includes a
+(c\d) - includes c or d but not both
+(c/d/e) - includes any of these
-f - does not include f
我已經使用preg_replace或爆炸來循環和做如果聲明,但沒有任何工作一貫工作的各種刺。
基本上,我需要把像
+a +(c/d/e)
進入
SELECT * FROM the_table
WHERE description LIKE "%a%"
AND (description LIKE "%c%" OR description like "%d%" OR description LIKE "%$e%")
謝謝!
UPDATE:
這是我在它的嘗試。我確信有一個更簡單的方法...
public function custom_query($query){
$fields = " feed_items.description ";
$return_query = "";
$query = str_replace("'", '', $query);
$pluses = explode('+',$query);
foreach($pluses as $plus){
$plus = trim($plus);
if (substr($plus,0,1) == '('){
$return_query .= 'AND (';
$plus = str_replace(array('(',')'), '', $plus);
$ors = explode('/', $plus);
foreach($ors as $or){
if ($or){
$return_query .= $fields." LIKE '%".$or."%' OR";
}
}
$return_query = rtrim($return_query, ' OR');
$return_query .= ')';
} else {
if ($plus){
$return_query .= ' AND ' . $fields.' LIKE '.'"%'.$plus.'%"';
}
}
}
$negatives = explode('-',$query);
foreach($negatives as $negative){
$negative = trim($negative);
if (substr($negative,0,1) == '('){
$return_query .= 'AND (';
$negative = str_replace(array('(',')'), '', $negative);
$ors = explode('\\', $negative);
foreach($ors as $or){
if ($or){
$return_query .= $fields." NOT LIKE '%".$or."%' OR";
}
}
$return_query = rtrim($return_query, ' OR');
$return_query .= ')';
} else {
if ($negative){
$return_query .= ' AND ' . $fields.' NOT LIKE '.'"%'.$negative.'%"';
}
}
}
$return_query = ' AND '.ltrim($return_query, ' AND ');
return $return_query;
}