Php 基于用户输入编写包含变量WHERE的查询
我有个疑问。我希望它做的是检查每个变量是否存在,如果不存在,则忽略它们。我还想在表格中显示结果。任何帮助都将不胜感激 到目前为止我所拥有的:这是我的代码。目前,它返回一个包含数据库所有结果的数组,但如果我将WHERE子句中的ORs更改为AND,则需要填充所有字段。我希望用户能够输入尽可能多的信息,以便显示所有可能的结果Php 基于用户输入编写包含变量WHERE的查询,php,mysql,pdo,Php,Mysql,Pdo,我有个疑问。我希望它做的是检查每个变量是否存在,如果不存在,则忽略它们。我还想在表格中显示结果。任何帮助都将不胜感激 到目前为止我所拥有的:这是我的代码。目前,它返回一个包含数据库所有结果的数组,但如果我将WHERE子句中的ORs更改为AND,则需要填充所有字段。我希望用户能够输入尽可能多的信息,以便显示所有可能的结果 <?php require("common.php");?> <?php if(!empty($_POST)) { $sth = $db->prepare
<?php require("common.php");?>
<?php
if(!empty($_POST))
{
$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'");
$sth->execute();
/* Fetch all of the remaining rows in the result set */
print("Fetch all of the remaining rows in the result set:\n");
$result = $sth->fetchAll();
print_r($result);
$First_name = $_POST['First_name'];
$Surname = $_POST['Surname'];
$DOB = $_POST['DOB'];
$Street = $_POST['Street'];
$Suburb = $_POST['Suburb'];
$State = $_POST['State'];
$Postcode = $_POST['Postcode'];
$Phone = $_POST['Phone'];
}
?>
<fieldset><legend>Find a customer</legend>
<form name="querycustomerform" method="post" action="qcustomer.php">
<table class="five">
<tr>
<td colspan="4">
<h3>Please fill out as many details as possible</h3>
</td>
</tr>
<tr>
<td>
<input type="text" name="First_name" maxlength="30" size="30" placeholder="First name">
</td>
<td>
<input type="text" name="Surname" maxlength="30" size="30" placeholder="Surname">
</td>
<td style="text-align: right">Date of Birth:</td>
<td>
<input type="date" name="DOB">
</td>
</tr>
<tr>
<td>
<input type="text" name="Street" maxlength="40" size="30" placeholder="Street Address">
</td>
<td>
<input type="text" name="Suburb" maxlength="15" size="30" placeholder="Suburb">
</td>
<td>
<select name="State">
<option value="">State</option>
<option value="ACT">Australian Capital Territory</option>
<option value="NSW">New South Wales</option>
<option value="NT">Northern Territory</option>
<option value="QLD">Queensland</option>
<option value="SA">South Australia</option>
<option value="TAS">Tasmania</option>
<option value="VIC">Victoria</option>
<option value="WA">Western Australia</option>
</select>
</td>
<td>
<input type="text" name="Postcode" maxlength="4" size="30" placeholder="Postcode">
</td>
</tr>
<tr>
<td>
<input type="text" name="Phone" maxlength="15" size="30" placeholder="Phone Number">
</td>
<td>
</td>
<td>
</td>
<td>
<input class="button" type="submit" value="Search">
</td>
</tr>
</table>
</form>
</fieldset>
试着改变
$sth = $db->prepare("SELECT * FROM customer WHERE First_name LIKE '%$First_name%' OR Surname LIKE '%$Surname%' OR DOB LIKE '$DOB' OR Street LIKE '%$Street%' OR Suburb LIKE '$Suburb' OR State LIKE '$State' OR Postcode LIKE '$Postcode' OR Phone LIKE '$Phone'");
到
从文本字符串中提取$First_name,并将其与文本字符串连接起来。您所做的是逐字搜索“$First_name”,而不是$First_name变量的值。从外观的角度来看,这有点混乱,但我发现将文本与变量连接起来比在引号中展开变量更安全
Darryl或条件要求任何条件(即:条件1、条件2、条件n)必须满足才能将记录包括在结果集中。而和条件要求所有条件(即:条件1、条件2、条件n)必须满足这些要求。对于您的要求,或条件是必需的
您需要构建一个动态查询来执行此操作。从基本存根开始
$sql = "SELECT * FROM customer";
然后需要将初始子句设置为WHERE
$clause = " WHERE ";//Initial clause
您需要一个数组来存储参数
$paramArray =array();
开始构建查询。注意,我已从POST更改为GET,因为它更易于测试
另请参见占位符中的使用%。ie占位符不能表示查询的任意部分,而只能表示完整的数据文字
if(isset($_GET['First_name'])){
$First_name = $_GET['First_name'];
$sql .= "$clause First_name LIKE ?";
$clause = " OR ";//Change clause
array_push($paramArray,"%$First_name%");
}
继续下一条
if(isset($_GET['Surname'])){
$Surname = $_GET['Surname'];
$sql .= "$clause Surname LIKE ?";
$clause = " OR ";
array_push($paramArray,"%$Surname%");
}
增加上述条款的剩余部分
测试结果,测试后移除,更改后发布
echo $sql ;
echo "<br>";
print_r($paramArray);
Test.php?First_name=dave&name=smith的典型测试结果
SELECT * FROM customer WHERE First_name LIKE ? OR Surname LIKE ?
Array ( [0] => %dave% [1] => %smith% )
SELECT * FROM customer WHERE Surname LIKE ?
Array ( [0] => %smith% )
来自test.php?姓氏=smith
SELECT * FROM customer WHERE First_name LIKE ? OR Surname LIKE ?
Array ( [0] => %dave% [1] => %smith% )
SELECT * FROM customer WHERE Surname LIKE ?
Array ( [0] => %smith% )
检查填写的内容,添加到查询中是否提供了信息,以及该信息是什么样子?