Php 查询以查找高级搜索选项
我试着从3个领域寻找答案。如果我只填写1个字段,那么数据应该搜索,如果我填写2列,那么数据应该搜索。 请帮助我找出哪里我错了,因为数据正在从任何场景中搜索 下面是我的代码,我使用过,但它不起作用:-Php 查询以查找高级搜索选项,php,Php,我试着从3个领域寻找答案。如果我只填写1个字段,那么数据应该搜索,如果我填写2列,那么数据应该搜索。 请帮助我找出哪里我错了,因为数据正在从任何场景中搜索 下面是我的代码,我使用过,但它不起作用:- $query = ""; $keyword = $_REQUEST['sports']; $country = $_REQUEST['city']; $category = $_REQUEST['code']; if(isset($keyword)){//if keyword set goes
$query = "";
$keyword = $_REQUEST['sports'];
$country = $_REQUEST['city'];
$category = $_REQUEST['code'];
if(isset($keyword)){//if keyword set goes here
$query = "SELECT * FROM event WHERE sports LIKE '%$keyword%' OR postelcode LIKE '%$keyword%' OR city LIKE '%$keyword%'";
if(isset($category)){
$query = "AND postelcode LIKE '$category'";
}
if(isset($country)){
$query = "AND city LIKE '$country'";
}
}else if (isset($category)){ //if keyword not set but category set then goes here
$query = "SELECT * FROM event WHERE postelcode LIKE '$category'";
if(isset($country)){
$query = "AND city LIKE '$country'";
}
}else if(isset($country)){//if only country set goes here
$query = "SELECT * FROM event WHERE city LIKE '$country'";
}
$result1 = mysqli_query($conn, $query);
if (mysqli_num_rows($result1) > 0)
{
// output data of each row
while($row = mysqli_fetch_assoc($result1))
{
?> <ul>
<li>Contact Email :- <?php echo $email; ?></li>
<li>Sports :- <?php echo $row["sports"]; ?></li>
</ul>
<?php
}
}
?>
$query=”“;
$keyword=$_请求['sports'];
$country=$\请求['city'];
$category=$_请求['code'];
if(isset($keyword)){//if关键字集在这里
$query=“从事件中选择*,其中运动类“%$keyword%”或postelcode类“%$keyword%”或城市类“%$keyword%”;
if(isset(类别)){
$query=“和类似于“$category”的postelcode”;
}
如果(isset(国家)){
$query=“与城市类似的“$country”;
}
}elseif(isset($category)){//if关键字未设置,但设置了category,则转到此处
$query=“从事件中选择*,其中postelcode类似于“$category”;
如果(isset(国家)){
$query=“与城市类似的“$country”;
}
}else if(isset($country)){//如果这里只有国家/地区集
$query=“从事件中选择*城市,如“$country”;
}
$result1=mysqli\u查询($conn,$query);
如果(mysqli_num_行($result1)>0)
{
//每行的输出数据
而($row=mysqli\u fetch\u assoc($result1))
{
?>
- 联络电邮:-
- 体育:-
$query=“和类似于“$category”的postelcode”;=和逻辑的每个实例都需要附加到select查询中,而不是替换它。您正在使用每个条件替换$query
变量值正在添加
使用=
运算符将新的where子句附加到上一个查询字符串中
另外,我还做了一些其他更改,通过设置isset to Request变量并将isset of where子句变量替换为!empty,使您的代码不受错误的影响,因为您已经在代码开头定义了所有变量。因此isset()
始终为真
$query = "";
$keyword = isset($_REQUEST['sports']) ? $_REQUEST['sports'] : ''; //Checking if parameter is passed
$country = isset($_REQUEST['city']) ? $_REQUEST['city'] : '' ; //Checking if parameter is passed
$category = isset($_REQUEST['code']) ? $_REQUEST['code'] : ''; //Checking if parameter is passed
if(!empty($keyword)){//if keyword set goes here
$query = "SELECT * FROM event WHERE sports LIKE '%$keyword%' OR postelcode LIKE '%$keyword%' OR city LIKE '%$keyword%'";
if(!empty($category)){
$query .= " AND postelcode LIKE '$category'"; // Added space before AND
}
if(!empty($country)){
$query .= " AND city LIKE '$country'"; // Added space before AND
}
}else if (!empty($category)){ //if keyword not set but category set then goes here
$query = "SELECT * FROM event WHERE postelcode LIKE '$category'";
if(!empty($country)){
$query .= " AND city LIKE '$country'"; // Added space before AND
}
}
if(isset($country)){//UPDATED THIS CONDITION: if only country set goes here
$query = "SELECT * FROM event WHERE city LIKE '$country'";
}
$result1 = mysqli_query($conn, $query);
if (mysqli_num_rows($result1) > 0)
{
// output data of each row
while($row = mysqli_fetch_assoc($result1))
{
?> <ul>
<li>Contact Email :- <?php echo $email; ?></li>
<li>Sports :- <?php echo $row["sports"]; ?></li>
</ul>
<?php
}
}
$query=”“;
$keyword=isset($\u请求['sports'])?$\u请求['sports']:'';//检查是否传递了参数
$country=isset($_请求['city'])?$_请求['city']:'';//检查是否传递了参数
$category=isset($\u请求['code'])?$\u请求['code']:'';//检查是否传递了参数
if(!empty($keyword)){//if关键字集在此处
$query=“从事件中选择*,其中运动类“%$keyword%”或postelcode类“%$keyword%”或城市类“%$keyword%”;
如果(!空($category)){
$query.=“和类似于“$category”的postelcode;//在和之前添加了空格
}
如果(!空($country)){
$query.=“与城市类似的“$country”;//在和之前添加了空格
}
}else如果(!empty($category)){//if关键字未设置但类别已设置,则转到此处
$query=“从事件中选择*,其中postelcode类似于“$category”;
如果(!空($country)){
$query.=“与城市类似的“$country”;//在和之前添加了空格
}
}
if(isset($country)){//更新了这个条件:如果这里只有国家/地区集
$query=“从事件中选择*城市,如“$country”;
}
$result1=mysqli\u查询($conn,$query);
如果(mysqli_num_行($result1)>0)
{
//每行的输出数据
而($row=mysqli\u fetch\u assoc($result1))
{
?>
- 联络电邮:-
- 体育:-
删除了不必要的if块和不正确的字符串表达式(后续$query=“…”;$query=“…”;$query=“…”)
,它们只覆盖了$query
的上一个值
使用=
运算符组合字符串,例如-$query=“text1”;$query.=“text2”;$query.=“text3”
-结果为-$query=“text1 text2 text3”
还正确启动了变量($keyword、$country和$category
),以防止出现通知错误。还对变量执行了mysqli\u real\u escape\u string(),以防止sql注入攻击
下面的代码使用mysql或condition
返回与任何搜索字段匹配的记录
更新代码:
$query = "";
$keyword = mysqli_real_escape_string($conn, ((isset($_REQUEST['sports']) AND $_REQUEST['sports'] != "" )? "%{$_REQUEST['sports']}%" : ''));
$country = mysqli_real_escape_string($conn, ((isset($_REQUEST['city']) AND $_REQUEST['city'] != "" )? "%{$_REQUEST['city']}%" : ''));
$category = mysqli_real_escape_string($conn, ((isset($_REQUEST['code']) AND $_REQUEST['code'] != "" ) ? "%{$_REQUEST['code']}%" : ''));
if($keyword!="" OR $country!="" OR $category!=""){
$query = "SELECT * FROM event WHERE sports LIKE '$keyword' OR postelcode LIKE '$category' OR city LIKE '$country'";
$result1 = mysqli_query($conn, $query);
if (mysqli_num_rows($result1) > 0) {
while($row = mysqli_fetch_assoc($result1)) {
?>
<ul>
<li>Contact Email :- <?php echo $email; ?></li>
<li>Sports :- <?php echo $row["sports"]; ?></li>
</ul>
<?php
}
}
}
$query = "";
$keyword = mysqli_real_escape_string($conn, ((isset($_REQUEST['sports']) AND $_REQUEST['sports'] != "" )? "%{$_REQUEST['sports']}%" : ''));
$country = mysqli_real_escape_string($conn, ((isset($_REQUEST['city']) AND $_REQUEST['city'] != "" )? "%{$_REQUEST['city']}%" : ''));
$category = mysqli_real_escape_string($conn, ((isset($_REQUEST['code']) AND $_REQUEST['code'] != "" ) ? "%{$_REQUEST['code']}%" : ''));
if($keyword!="" OR $country!="" OR $category!=""){
$query = "SELECT * FROM event WHERE ";
if($keyword!="") {
$query .= "sports LIKE '$keyword'";
}
if($category!="") {
if($keyword!=""){
$query .= " AND "
}
$query .= "postelcode LIKE '$category'";
}
if($county!="") {
if($keyword!="" OR $category!="") {
$query .= " AND "
}
$query .= " city LIKE '$country'";
}
$result1 = mysqli_query($conn, $query);
if (mysqli_num_rows($result1) > 0) {
while($row = mysqli_fetch_assoc($result1)) {
?>
<ul>
<li>Contact Email :- <?php echo $email; ?></li>
<li>Sports :- <?php echo $row["sports"]; ?></li>
</ul>
<?php
}
}
}
如果上面的代码对您有效,您可能希望将您的mysql查询
转换为使用prepared语句
作为防止sql注入
攻击的首选方法。我使用了这段代码,只使用了一个选项就可以了,但当只搜索城市或postel代码时,它无法正常工作,所有数据都是真实的这是另一个问题。要能够筛选国家,您应该将最后一个条件分隔为if
条件,而不是else if
。请检查我的更新答案,它也应该适用于国家搜索。但请记住,$country正在使用city
列进行检查。因此,请确认这一点。