提问人:Mike Mann 提问时间:11/17/2023 最后编辑:OlivierMike Mann 更新时间:11/17/2023 访问量:70
优化PHP SQL查询的最佳方法
best way to optmize php sql query
问:
我正在寻找有关优化代码的最佳方法的指针。该查询旨在拉取我在 wordpress 站点中建立连接的单独 sql Server 表中的供应商数据库。
我根据在搜索字段中传递的值创建了三个不同的查询。它要么是供应商名称、类别名称,要么是最终的类别 ID。我正在尝试优化,因此将来当我需要更新正在拉取的列时,我不必更新多个语句。
任何想法或指导将不胜感激。
<?php
$searchInput='xyz';
if(isset($_GET['searchInput'])){
$searchInput= $_GET['searchInput'];
}
$searchcat_id ='';
if(isset($_GET['category_id'])){
$searchcat_id= $_GET['category_id'];
}
if (isset($_POST['searchInput'])) {
$searchInput = sanitize_text_field($_POST['searchInput']);
}
$conn = get_sql_connect();
if ($conn === false) {
$content = ['Error in connecting the SQL Server'];
} else {
if($searchInput=='All Vendors'){
$query = "select * from vendor";
}else{
$query = "select * from vendor where vendorName LIKE '".$searchInput."'";
}
$datatable_value = array();
$stm = sqlsrv_query($conn, $query);
$flag = 0;
// When there is no categry name in search. We are only searching by Vendor name
while ($rows = sqlsrv_fetch_array($stm, SQLSRV_FETCH_ASSOC)) {
$flag = 1;
$ven_query = "SELECT cat.category_name, ven.vendorID
FROM vendor AS ven
JOIN vendor_category AS vencat ON ven.vendorID = vencat.vendor_id
JOIN category AS cat ON vencat.category_id = cat.category_id
WHERE ven.vendorName LIKE '%".str_replace("'","''",$rows['vendorName'])."%'";
$ven_stm = sqlsrv_query($conn, $ven_query);
while ($values = sqlsrv_fetch_array($ven_stm, SQLSRV_FETCH_ASSOC)) {
$rows['serviceCategory'] = $values['category_name'];
$rows['Details'] = '<a href="'.get_home_url().'/vendor-information/?vendor='.$searchInput.'&category='.$values['category_name'].'&id='.$values['vendorID'].'">View</a>';
$datatable_value[] = $rows;
}
}
// We are seaching by category name and no Vendor.
if($flag == 0 && $searchcat_id == ''){
$cat_query = "SELECT
V.vendorID,
V.vendorName,
V.contact_name,
V.email,
V.phone,
V.supplierID,
C.category_name
FROM
vendor AS V
JOIN
vendor_category AS VC ON V.vendorID = VC.vendor_id
JOIN
category AS C ON VC.category_id = C.category_id
WHERE
C.category_name LIKE '%".str_replace("'","''",$searchInput)."%'";
$cat_stm = sqlsrv_query($conn, $cat_query);
if(!empty($cat_stm)){
while ($value = sqlsrv_fetch_array($cat_stm, SQLSRV_FETCH_ASSOC)) {
$value['Details'] = '<a href="'.get_home_url().'/vendor-information/?vendor='.$value['vendorName'].'&category='.$searchInput.'&id='.$value['vendorID'].'">View</a>';
$datatable_value[] = $value;
}
}
}else{
$temp_query = "SELECT DISTINCT c4.category_id
FROM category c1
JOIN category c2 ON c1.category_id = c2.category_id OR c1.category_id = c2.parent_category_id
JOIN category c3 ON c2.category_id = c3.category_id OR c2.category_id = c3.parent_category_id
JOIN category c4 ON c3.category_id = c4.category_id OR c3.category_id = c4.parent_category_id
WHERE c1.category_id = ".$searchcat_id;
$temp_stm = sqlsrv_query($conn, $temp_query);
if(!empty($temp_stm)){
while ($value_temp = sqlsrv_fetch_array($temp_stm, SQLSRV_FETCH_ASSOC)) {
//echo $value_temp['category_id'].'----';
$cat_query = "SELECT
V.vendorID,
V.vendorName,
V.contact_name,
V.email,
V.phone,
V.supplierID,
C.category_name
FROM
vendor AS V
JOIN
vendor_category AS VC ON V.vendorID = VC.vendor_id
JOIN
category AS C ON VC.category_id = C.category_id
WHERE
C.category_id = ".$value_temp['category_id'];
//echo $cat_query.'/n';
$cat_stm = sqlsrv_query($conn, $cat_query);
if(!empty($cat_stm)){
//echo 'here::::';
while ($value = sqlsrv_fetch_array($cat_stm, SQLSRV_FETCH_ASSOC)) {
//print_r($value);
$value['Details'] = '<a href="'.get_home_url().'/vendor-information/?vendor='.$value['vendorName'].'&category='.$searchInput.'&id='.$value['vendorID'].'">View</a>';
$datatable_value[] = $value;
}
}
}
}
}
}
?>
答: 暂无答案
评论
str_replace("'", "''", somevalue)不会使您的代码免受注入攻击。as