$pdo=new PDO('mysql:host=localhost;dbname=scms', 'root' ); $_POST=array('title'=>23,'content'=>'km'); $keys= array_keys($_POST); /** * $filetarr數(shù)組用于規(guī)定只可以寫入的字段 */ $filetarr=array('title','content'); $filtre=true; $where=''; /** *$wherearr數(shù)組用來根據(jù)字段指定查詢條件,例如大于,等于,like */ $wherearr=array('title'=>'like','content'=>'>%'); foreach ($keys as $value){ if(in_array($value, $filetarr,true)){ if($wherearr[$value]==='between'){ if(count(explode(',', $_POST[$value]))===1){ break; } $where.='and '.$value.' between '.":{$value}left".' and '.":{$value}right "; $_POST[$value]=explode(',', $_POST[$value]); $_POST[$value.'left']=$_POST[$value][0]; $_POST[$value.'right']=$_POST[$value][1]; unset($_POST[$value]); }else{ $where.='and '.$value.' '.$wherearr[$value].' '.":{$value} "; } }else{ //var_dump($value); $filtre=false; break; } } /** * *如果用or連接條件語句,截取前面兩個(gè)字符 */ $where=substr($where,3); if($filtre){ $fields=implode(',', $keys); $fieldszwh=':'.implode(',:', $keys); $sql="select * from article where {$where}"; var_dump($sql); $pdostatement= $pdo->prepare($sql); $pdostatement->execute($_POST); $re= $pdostatement->fetchAll(); var_dump($pdostatement->errorInfo()); var_dump($_POST); var_dump($re); }else{ echo '非法字段'; } |