查询表中所有记录的字符串

Question

当我单独拉出每个潜在客户状态（？leadstatus=New、？leadstatus=Hot 等）时，它们可以工作，但是当我尝试获取全部时，我似乎无法让它工作。如您所见，页面上的默认设置是新潜在客户。

`$query = "SELECT * FROM contacts WHERE contacttype IN ('New','Buyer','Seller','Buyer / Seller','Investor') AND leadstatus = 'New' ORDER BY date DESC";

    if(isset($_GET['leadstatus']) && in_array($_GET['leadstatus'], array('New', 'Hot', 'Warm', 'Cold', 'Rejected', 'Closed')))
    {      
    $status = $_GET['leadstatus'];   
    $query = "SELECT * FROM contacts WHERE leadstatus = '".$status."' ORDER BY contacts.date DESC";  
    }`

以下是我尝试过的一些字符串：

?leadstatus=New&leadstatus=Hot&leadstatus=Warm&leadstatus=Rejected&leadstatus=Cold - Only pulls last listed, which is Cold

?leadstatus[]=New&leadstatus=[]Hot&leadstatus[]=Warm&leadstatus[]=Rejected&leadstatus[]=Cold - Returns default, which is New

?leadstatus=New&Hot&Warm&Rejected&Cold 

• 返回默认值，即新建

Answer 1

if(isset($_GET['leadstatus']) && $_GET['leadstatus'] == "all") {
    $query = "SELECT * FROM contacts ORDER BY contacts.date DESC";  
} else if (in_array($_GET['leadstatus'], array('New', 'Hot', 'Warm', 'Cold', 'Rejected', 'Closed'))) {      
    $status = $_GET['leadstatus'];   
    $query = "SELECT * FROM contacts WHERE leadstatus = '".$status."' ORDER BY contacts.date DESC";  
}

然后，让leadstatus = all。

Answer 2

试试这个：

if(isset($_GET['leadstatus']) && in_array($_GET['leadstatus'], array('New', 'Hot', 'Warm', 'Cold', 'Rejected', 'Closed')))
{      
  $status = $_GET['leadstatus'];   
  if(!empty($status)) {
    $query = "SELECT * FROM contacts WHERE leadstatus = '".$status."' ORDER BY contacts.date DESC";  
  } else {
    $query = "SELECT * FROM contacts ORDER BY contacts.date DESC"; 
  }
}`

但是，我还可以建议您使用参数化查询吗？您在这里很容易受到 SQL 注入攻击。

Answer 3

这样的东西应该匹配多个条件，允许您一次混合匹配多个条件，而不是一个或全部。

$status = join(',',$_GET['leadstatus']); 
$query = "SELECT * FROM contacts WHERE leadstatus IN($status) ORDER BY contacts.date DESC";