Php SQL选择用户并根据经纬度过滤距离


我编写了以下基于搜索查询搜索用户的函数:

        /**
         * First version of the quick search (the one the question is about).
         * Resolves the viewer from the two login cookies, reads the viewer's saved
         * filters from $this->_data, runs a name match, then a distance query.
         *
         * @param string $query  search text, passed through secure(..., 'search')
         * @return void  $results is filled in the loop below but never returned,
         *               so callers receive null
         */
        public function search_quick($query) {
        global $db, $system;
        $results = array();

        /* Viewer lookup. The cookie values are untrusted input; both go through
           secure() -- a helper defined outside this listing -- before sprintf
           splices them into the SQL string. Whatever secure() does is the only
           thing between the cookie and the query. */
        $person = $db->query(sprintf("SELECT * FROM users WHERE user_id = %s AND user_token = %s", secure($_COOKIE[$this->_cookie_user_id], 'int'), secure($_COOKIE[$this->_cookie_user_token]) )) or _error(SQL_ERROR_THROWEN);
            if($person->num_rows > 0) {
                $this->_data = $person->fetch_assoc();
            }
            /* NOTE(review): when no row matches, $this->_data is left as it was and
               every read below still runs against that stale (or unset) value. */

        $user_id = $this->_data['user_id'];
        $latitude = $this->_data['latitude'];
        $longitude = $this->_data['longitude']; 
        /* $user_gender and $user_sex are read but not used anywhere in this method. */
        $user_gender = $this->_data['user_gender'];
        $user_sex = $this->_data['user_sex'];
        $sexual_preference = $this->_data['sexual_preference'];
        $sexual_orientation = $this->_data['sexual_orientation'];
        /* Both ranges are stored as "min,max" strings. */
        $age_range = explode(',',$this->_data['age_range']);
        $distance_range = explode(',',$this->_data['distance_range']);


        /* $people is whatever $db->query() returns -- the same kind of result handle
           as $person above (it exposes num_rows / fetch_assoc) -- not a table name
           and not a list of rows. */
        $people = $db->query(sprintf('SELECT * FROM users WHERE user_fullname LIKE %1$s LIMIT %2$s', secure($query, 'search'), secure($system['min_results'], 'int', false) )) or _error(SQL_ERROR_THROWEN);

        /* Distance query (haversine; 3956 is the Earth radius in miles, so `distance`
           is in miles). Defects visible in this statement:
           - `FROM %s` receives $people, the result handle from the query above, which
             is not a valid table reference;
           - the second placeholder, COS(%s * pi()/180), must take the viewer's
             latitude, but the argument list passes $longitude;
           - unlike the two queries above, none of these values go through secure().
             They come from the viewer's own profile row, which is presumably
             user-editable, so this is an injection point even though none of them
             is a request parameter;
           - all filters sit in HAVING, so the trig expression is computed for every
             row before any predicate is applied. */
    $get_users = $db->query(sprintf('
    SELECT *,
    3956 * 2 * ASIN(SQRT( POWER(SIN((%s - latitude) * pi()/180 / 2), 2) + COS(%s * pi()/180) * COS(latitude * pi()/180) *
    POWER(SIN((%s - longitude) * pi()/180 / 2), 2) )) as
    distance FROM %s
    HAVING distance >= %s AND distance <= %s AND user_id != %s AND user_gender = %s AND user_sex = %s AND age >= %s AND age <= %s', $latitude, $longitude, $longitude, $people, $distance_range[0], $distance_range[1], $user_id, $sexual_preference, $sexual_orientation, $age_range[0], $age_range[1] )) or _error(SQL_ERROR_THROWEN);

        if($get_users->num_rows > 0) {
            while($user = $get_users->fetch_assoc()) {
                /* NOTE(review): SELECT * returns every column of the matched user,
                   including user_token -- the bearer credential the lookup above
                   authenticates with. It is copied into $results unchanged. */
                $user['user_picture'] = $this->get_picture($user['user_picture'], $user['user_gender']);
                /* get the connection between the viewer & the target */
                $user['connection'] = $this->connection($user['user_id']);
                $user['sort'] = $user['user_fullname'];
                $user['type'] = 'user';
                $results[] = $user;
            }
        }
        /* NOTE(review): $results is assembled above but never returned. */
}
公共函数搜索\u快速($query){
全球$db$系统;
$results=array();
$person=$db->query(sprintf(“从用户id=%s和用户令牌=%s的用户中选择*)、secure($\u COOKIE[$this->\u COOKIE\u user\u id]、'int')、secure($\u COOKIE[$this->\u COOKIE\u user\u token])或_error(SQL\u error\u THROWEN);
如果($person->num\u rows>0){
$this->_data=$person->fetch_assoc();
}
$user\u id=$this->\u数据['user\u id'];
$latitude=$this->_数据['latitude'];
$longitude=$this->_数据['longitude'];
$user_gender=$this->_data['user_gender'];
$user_sex=$this->_数据['user_sex'];
$sexual_preference=$this->_数据['sexual_preference'];
$sexual_-orientation=$this->_数据['sexual_-orientation'];
$age_range=explode(',',$this->_data['age_range']);
$distance_range=explode(',',$this->_data['distance_range']);
$people=$db->query(sprintf('SELECT*FROM user\u fullname LIMIT%1$s LIMIT%2$s',secure('query,'search'),secure('system['min\u results'],'int',false])或_error(SQL\u error\u THROWEN);
$get_users=$db->query(sprintf('
选择*,
3956*2*ASIN(SQRT(功率(SIN((%s-纬度)*pi()/180/2),2)+COS(%s*pi()/180)*COS(纬度*pi()/180)*
功率(SIN((%s-经度)*pi()/180/2),2))为
与%s的距离

让distance>=%s和distance=%s以及age
回答我自己的问题，这样将来也能帮到别人……首先，我没有把变量放进 secure() 函数里。其次，我调整了 SQL 查询，这样只需要一条查询。下面是能正确工作的代码：

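    /**
     * Quick user search. Resolves the viewer from the two login cookies, reads the
     * viewer's saved preferences from $this->_data, and returns the users whose
     * full name matches $query and who fall inside the viewer's distance, age and
     * gender/sex preferences. `distance` is in miles (3956 is the Earth radius in
     * miles).
     *
     * Every value spliced into the SQL goes through secure(), which is defined
     * outside this listing; that helper, not this method, is what stands between
     * untrusted input and the query string. Confirm that it quotes and escapes
     * string input and rejects non-numeric input in 'int' mode, or rewrite these
     * two statements as prepared statements and drop the dependency altogether.
     *
     * @param string $query  raw search text; passed through secure(..., 'search')
     * @return array<int, array<string, mixed>> matching rows from `users`, each
     *         extended with 'user_picture', 'connection', 'sort' and 'type' and
     *         stripped of 'user_token'; empty when the viewer cannot be resolved
     *         or nothing matches
     */
    public function search_quick($query) {
        global $db, $system;
        $results = array();

        /* Viewer lookup from the two login cookies: the id is constrained to 'int',
           the token is escaped as a string. */
        $person = $db->query(sprintf("SELECT * FROM users WHERE user_id = %s AND user_token = %s", secure($_COOKIE[$this->_cookie_user_id], 'int'), secure($_COOKIE[$this->_cookie_user_token]) )) or _error(SQL_ERROR_THROWEN);
        if($person->num_rows > 0) {
            $this->_data = $person->fetch_assoc();
        }

        /* Fail closed: without a resolved viewer there are no preferences to filter
           by, and the search below would otherwise run with empty placeholders. */
        if (empty($this->_data['user_id'])) {
            return $results;
        }

        $user_id = $this->_data['user_id'];
        $latitude = $this->_data['latitude'];
        $longitude = $this->_data['longitude'];
        $sexual_preference = $this->_data['sexual_preference'];
        $sexual_orientation = $this->_data['sexual_orientation'];
        /* Both ranges are stored as "min,max"; each half is secured separately below. */
        $age_range = explode(',', $this->_data['age_range']);
        $distance_range = explode(',', $this->_data['distance_range']);

        /* Haversine distance from the viewer to every row. Placeholder order is:
           viewer latitude (SIN term), viewer latitude again (the COS term takes
           latitudes, not longitudes -- the earlier version passed $longitude here,
           which skewed every distance), then viewer longitude. The filters live in
           HAVING, so the trig expression is evaluated for every row before any of
           them applies; moving the non-`distance` predicates into a WHERE clause
           would let the engine prune first. */
        $get_users = $db->query(sprintf('SELECT *,
3956 * 2 * ASIN(SQRT( POWER(SIN((%s - latitude) * pi()/180 / 2), 2) + COS(%s * pi()/180) * COS(latitude * pi()/180) *
POWER(SIN((%s - longitude) * pi()/180 / 2), 2) )) as
distance FROM users
HAVING distance >= %s AND distance <= %s AND user_fullname LIKE %s AND user_id != %s AND user_gender = %s AND user_sex = %s AND age >= %s AND age <= %s LIMIT %s', secure($latitude), secure($latitude), secure($longitude), secure($distance_range[0]), secure($distance_range[1]), secure($query, 'search'), secure($user_id), secure($sexual_preference), secure($sexual_orientation), secure($age_range[0]), secure($age_range[1]), secure($system['min_results'], 'int', false) )) or _error(SQL_ERROR_THROWEN);

        if($get_users->num_rows > 0) {
            while($user = $get_users->fetch_assoc()) {
                /* SELECT * pulls every column of the matched user, including the
                   bearer token this method authenticates with above; it must not
                   travel with search results. Naming the columns instead of using
                   SELECT * would also keep any other credential columns out. */
                unset($user['user_token']);
                $user['user_picture'] = $this->get_picture($user['user_picture'], $user['user_gender']);
                /* get the connection between the viewer & the target */
                $user['connection'] = $this->connection($user['user_id']);
                $user['sort'] = $user['user_fullname'];
                $user['type'] = 'user';
                $results[] = $user;
            }
        }

        return $results;
    }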
公共函数搜索\u快速($query){
全球$db$系统;
$results=array();
$person=$db->query(sprintf(“从用户id=%s和用户令牌=%s的用户中选择*)、secure($\u COOKIE[$this->\u COOKIE\u user\u id]、'int')、secure($\u COOKIE[$this->\u COOKIE\u user\u token])或_error(SQL\u error\u THROWEN);
如果($person->num\u rows>0){
$this->_data=$person->fetch_assoc();
}
$user\u id=$this->\u数据['user\u id'];
$latitude=$this->_数据['latitude'];
$longitude=$this->_数据['longitude'];
$user_gender=$this->_data['user_gender'];
$user_sex=$this->_数据['user_sex'];
$sexual_preference=$this->_数据['sexual_preference'];
$sexual_-orientation=$this->_数据['sexual_-orientation'];
$age_range=explode(',',$this->_data['age_range']);
$distance_range=explode(',',$this->_data['distance_range']);
$get_users=$db->query(sprintf('SELECT*,
3956*2*ASIN(SQRT(功率(SIN((%s-纬度)*pi()/180/2),2)+COS(%s*pi()/180)*COS(纬度*pi()/180)*
功率(SIN((%s-经度)*pi()/180/2),2))为
与用户的距离

距离>=%s,距离=%s和年龄
旁注：请用谷歌搜索一下有关 SQL 注入的资料。@ÁlvaroGonzález 谢谢你的旁注。我编写了一个 secure() 函数来防止 SQL 注入。