如何在 zend 文字中转义?
How to escape things within zend literal?
我正在创建高级搜索,并希望通过将查询添加到数组中来循环查询:
private $searchFields = [
'as_first_name' => 'users.first_name like "%VALUE%"',
'as_last_name' => 'users.last_name like "%VALUE%"',
'as_payment_history_invoice_num' => 'users.user_id = (SELECT user_id from payment_history where payment_history.invoice_number = "VALUE" LIMIT 1)',
'as_building_num' => 'property_units.building_number like "%VALUE%"',
'as_residents_email' => 'users.email like "%VALUE%"',
'as_property_name' => 'property.name like "%VALUE%"',
'as_phone_num' => 'REPLACE(REPLACE(REPLACE(REPLACE(users.phone, " ", ""), "(", ""), ")", ""), "-", "") = "VALUE"',
'as_unit_num' => 'property_units.unit_number = "VALUE"',
'as_account_status' => 'user_status.status_name = "VALUE"'
];
所以在搜索时我正在做类似的事情..
if (array_key_exists($key, $this->searchFields)) {
$form->get($key)->setValue($val);
$where->NEST->literal(str_replace('VALUE', urldecode($val), $this->searchFields[$key]))->UNNEST;
}
但问题是我没有逃避那里的任何事情。不好。我怎样才能使用相同的结构,同时也转义东西。
您不必使用 urldecode;它应该在你到达这里之前就已经解码了。对于这种情况,听起来 NEST 可能太花哨了。
foreach (...)
{
$val = ...; // Get the raw value from the form field ($_POST[...] or whatever)
$mval = addslashes($val);
$sf = $this->searchFields[...];
$msf = str_replace('VALUE', $mval, $sf);
... $msf ...
}
mysqli_real_escape_str 会比 addslashes 好,但是你需要有 mysql 连接对象;你有吗?
Literal 谓词适用于没有占位符的情况。
您应该改用 Expression 谓词。
private $searchFields = [
'as_first_name' => 'users.first_name like "?"',
'as_last_name' => 'users.last_name like "?"',
'as_payment_history_invoice_num' => 'users.user_id = (SELECT user_id from payment_history where payment_history.invoice_number = "?" LIMIT 1)',
'as_building_num' => 'property_units.building_number like "?"',
'as_residents_email' => 'users.email like "?"',
'as_property_name' => 'property.name like "?"',
'as_phone_num' => 'REPLACE(REPLACE(REPLACE(REPLACE(users.phone, " ", ""), "(", ""), ")", ""), "-", "") = "?"',
'as_unit_num' => 'property_units.unit_number = "?"',
'as_account_status' => 'user_status.status_name = "?"'
];
zend-form 值应该已经解码,因此不需要 urldecode
if (array_key_exists($key, $this->searchFields)) {
$form->get($key)->setValue($val);
$where->NEST->expression($this->searchFields[$key], $val)->UNNEST;
}
我已经有一段时间没有使用 zend-db,请务必检查此代码是否实际生成了您需要的查询。
我正在创建高级搜索,并希望通过将查询添加到数组中来循环查询:
private $searchFields = [
'as_first_name' => 'users.first_name like "%VALUE%"',
'as_last_name' => 'users.last_name like "%VALUE%"',
'as_payment_history_invoice_num' => 'users.user_id = (SELECT user_id from payment_history where payment_history.invoice_number = "VALUE" LIMIT 1)',
'as_building_num' => 'property_units.building_number like "%VALUE%"',
'as_residents_email' => 'users.email like "%VALUE%"',
'as_property_name' => 'property.name like "%VALUE%"',
'as_phone_num' => 'REPLACE(REPLACE(REPLACE(REPLACE(users.phone, " ", ""), "(", ""), ")", ""), "-", "") = "VALUE"',
'as_unit_num' => 'property_units.unit_number = "VALUE"',
'as_account_status' => 'user_status.status_name = "VALUE"'
];
所以在搜索时我正在做类似的事情..
if (array_key_exists($key, $this->searchFields)) {
$form->get($key)->setValue($val);
$where->NEST->literal(str_replace('VALUE', urldecode($val), $this->searchFields[$key]))->UNNEST;
}
但问题是我没有逃避那里的任何事情。不好。我怎样才能使用相同的结构,同时也转义东西。
您不必使用 urldecode;它应该在你到达这里之前就已经解码了。对于这种情况,听起来 NEST 可能太花哨了。
foreach (...)
{
$val = ...; // Get the raw value from the form field ($_POST[...] or whatever)
$mval = addslashes($val);
$sf = $this->searchFields[...];
$msf = str_replace('VALUE', $mval, $sf);
... $msf ...
}
mysqli_real_escape_str 会比 addslashes 好,但是你需要有 mysql 连接对象;你有吗?
Literal 谓词适用于没有占位符的情况。
您应该改用 Expression 谓词。
private $searchFields = [
'as_first_name' => 'users.first_name like "?"',
'as_last_name' => 'users.last_name like "?"',
'as_payment_history_invoice_num' => 'users.user_id = (SELECT user_id from payment_history where payment_history.invoice_number = "?" LIMIT 1)',
'as_building_num' => 'property_units.building_number like "?"',
'as_residents_email' => 'users.email like "?"',
'as_property_name' => 'property.name like "?"',
'as_phone_num' => 'REPLACE(REPLACE(REPLACE(REPLACE(users.phone, " ", ""), "(", ""), ")", ""), "-", "") = "?"',
'as_unit_num' => 'property_units.unit_number = "?"',
'as_account_status' => 'user_status.status_name = "?"'
];
zend-form 值应该已经解码,因此不需要 urldecode
if (array_key_exists($key, $this->searchFields)) {
$form->get($key)->setValue($val);
$where->NEST->expression($this->searchFields[$key], $val)->UNNEST;
}
我已经有一段时间没有使用 zend-db,请务必检查此代码是否实际生成了您需要的查询。