我想使用字段中的用户条目搜索来获取数据。也就是说,如果用户输入“D + t + y + g,k,j,h”想要搜索具有字母“d和t,y和g或k或j的值,或者H“即可。我尝试了PHP str_replace函数,但不喜欢结果。
//kw is text field...
if($kw != "") {
//here we check for some data in field; if yes, continue below
//c is for ',' replaced in JavaScript
$kw1 = str_replace("c"," OR bcm.keywords LIKE '$kw%' ",$kw);
//p is for '+' replaced in JavaScript//'bcm' is table name.
$kw3 = str_replace("p"," AND bcm.keywords LIKE '$kw%' ",$kw1);
//for appending into main query string
$app.=$kw3;
//$app.=" AND bcm.keywords LIKE '$kw%'";
}
...但是对于输入“D + t + y + g,k,j,h”,查询将如下所示:
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' g
OR bcm.keywords LIKE 'D
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' gckcjch%' k
OR bcm.keywords LIKE 'D
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' gckcjch%' j
OR bcm.keywords LIKE 'D
AND bcm.keywords LIKE 'Dptpypgckcjch%' t
AND bcm.keywords LIKE 'Dptpypgckcjch%' y
AND bcm.keywords LIKE 'Dptpypgckcjch%' gckcjch%' h**
......当我想要/需要的是:
AND bcm.keywords LIKE 'D%'
AND bcm.keywords LIKE 't%'
AND bcm.keywords LIKE 'y%'
AND bcm.keywords LIKE 'g%'
OR bcm.keywords LIKE 'k%'
OR bcm.keywords LIKE 'j%'
OR bcm.keywords LIKE 'h%'
答案 0 :(得分:2)
javascript中的解决方案
var getSearchSql = function(kw)
{
if(kw != "")
{
var ors = kw.split(",");
var sql = "";
var sqlVariable = "bcm.keywords";
for(i = 0; i < ors.length; i++)
{
var ands = ors[i].split("+");
sql += (i == 0)? "(": " OR (";
for(j = 0; j < ands.length; j++)
{
sql += (j == 0)? "": " AND ";
sql += sqlVariable + " LIKE '%" + ands[j] + "%' "
}
sql += ")"
}
}
return sql;
}
产生以下(当kw = "D+t+y+g,k,j,h")
(bcm.keywords LIKE '%D%'
AND bcm.keywords LIKE '%t%'
AND bcm.keywords LIKE '%y%'
AND bcm.keywords LIKE '%g%')
OR (bcm.keywords LIKE '%k%')
OR (bcm.keywords LIKE '%j%')
OR (bcm.keywords LIKE '%h%')
答案 1 :(得分:1)
试试这个:
<?
$str = "D+t+y+g,k,j,h";
$comNext = 0;
for ($i = 0 ; $i < strlen($str);$i++){
if ($str[$i+1] == "+"){
$andKey .= " AND bcm.keywords LIKE '".$str[$i]."%'";
}else if ($str[$i+1] == "," || $str[$i+1] == ""){
if ($comNext == 0)
$andKey .= " AND bcm.keywords LIKE '".$str[$i]."%'";
else
$orKey .= " OR bcm.keywords LIKE '".$str[$i]."%'";
$comNext = 1;
}
}
echo $andKey.$orKey;
?>
给我:
AND bcm.keywords LIKE'D%'和 bcm.keywords LIKE't%'和 bcm.keywords LIKE'y%'和 bcm.keywords LIKE'g%'或bcm.keywords 喜欢'k%'或bcm.keywords喜欢'j%'或 bcm.keywords LIKE'h%'
答案 2 :(得分:0)
以下答案中有评论供某人参考...... Thanx帮助亲爱的人......
var ors = kw.split(",");//SPLITS WHERE , IS PRESENT
var sql = "";//INITIALISE SQL VARIABLE,TO BE PASSED TO AJAX
var sqlVariable = " LOWER(bcm.keywords)";//CONVERTS TO LOWER CASE FOR CHECKING, FROM DB
for(i = 0; i < ors.length; i++)// INITIALISE ARRAY TO GIVE OR WHERE , IS PRESENT
// AND FOR FURTHER SPLITTING WHERE + IS PRESENT TILL ORS LENGTH ...
// IE: ORS. LENGTH WILL HAVE VALUE FOR AT LEAST SINGLE , IN STRING
{
var ands = ors[i].split("+");//SPLIT STRING WHERE + IS PRESENT
sql += (i == 0)? "(": " OR (";//REPLACE , WITH OR
for(j = 0; j < ands.length; j++)// SIMILAR STEPS TO ABOVE TO REPLACE + WITH AND
{
sql += (j == 0)? "": " AND ";
sql += sqlVariable + " LIKE '%" + ands[j] + "%' "
}
sql += ")"// THE FINAL SQL ,WITH ALL BRACKETS, IS PASSED TO AJAX FOR
APPENDING TO SOME QUERY STATEMENT.
}
<强>:)
答案 3 :(得分:0)
使用javascript编写SQL语句是疯狂的恕我直言,你在你的应用程序中打开了一个广泛的安全漏洞!
如果要在提交数据之前对数据进行客户端处理,最好使用json或任何其他格式,但请保留SQL以进行服务器端处理。