我的网址是这样的:"inventory.php?sorting = 1"等等.页面加载正常,但不能正确显示信息.
mysql_connect("localhost","user","pass");
mysql_select_db("database");
if ($sorting == 1){
$result = mysql_query("select * from vehicles ORDER BY year DSC");
}
elseif ($sorting == 2){
$result = mysql_query("select * from vehicles ORDER BY make DSC");
}
elseif ($sorting == 3){
$result = mysql_query("select * from vehicles ORDER BY miles DSC");
}
elseif ($sorting == 4){
$result = mysql_query("select * from vehicles ORDER BY downpay DSC");
}
elseif ($sorting == 5){
$result = mysql_query("select * from vehicles ORDER BY pricepay DSC");
}
elseif ($sorting == 6){
$result = mysql_query("select * from vehicles ORDER BY pricecash DSC");
}
else {
$result = mysql_query("select * from vehicles");
}
while($r=mysql_fetch_array($result))
为什么不直接使用字段名作为GET变量?
$sortField = $_GET['sorting'];
// Ensure we don't get any SQL injection:
$validFields = array('year', 'make', 'miles' ... 'pricecash');
$sql = "select * from vehicles";
if(in_array($sortField, $validFields)){
$sql .= ' ORDER BY ' . $sortField .' DESC';
}
mysql_query($sql);
然后使用inventory.php?sorting = year等访问该页面.
这使得URL更具可读性,可预测性并且意味着您可以通过将新字段添加到阵列来支持新字段,而无需编写新的开关案例.
您需要更换$sorting与$_GET["sorting"]
但是也:
使用该switch声明不是更好的主意吗?
switch($_GET["sorting"]{
case 1:
$result = mysql_query("select * from vehicles ORDER BY year DSC");
break;
case 2:
等等