I am trying to filter a SQL query by a word contained in a db column.
This works (please don't tell me there are errors... it doesn't work with WHERE):
$query = sprintf("SELECT *, ( 3959 * acos( cos( radians('%s') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('%s') ) + sin( radians('%s') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors HAVING distance < '%s' ORDER BY distance",
mysql_real_escape_string($lat),
mysql_real_escape_string($lng),
mysql_real_escape_string($lat),
mysql_real_escape_string($radius));
$result = mysql_query($query, $dbConn);
I want to add the following:
$query = sprintf("SELECT *, ( 3959 * acos( cos( radians('%s') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('%s') ) + sin( radians('%s') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors HAVING distance < '%s' AND SubjectList like '%s' ORDER BY distance",
mysql_real_escape_string($lat),
mysql_real_escape_string($lng),
mysql_real_escape_string($lat),
mysql_real_escape_string($radius),
mysql_real_escape_string($subject));
$result = mysql_query($query, $dbConn);
Answer 0: (score: 1)
This is the solution that works now - thanks everyone for the help
$query = "SELECT *, ( 3959 * acos( cos( radians('". addslashes($lat) ."') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('". addslashes($lng) ."') ) + sin( radians('". addslashes($lat) ."') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors WHERE `SubjectList` LIKE '%". addslashes($subject) ."%' GROUP BY distance HAVING distance < '". addslashes($radius) ."'";
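The same filter with bound parameters instead of string concatenation, as an added example that is not part of the question or of either answer. It assumes a PDO MySQL connection and the `Tutors` table from the question; the function names `likeContains` and `findTutors` are hypothetical. The LIKE wildcards are added in PHP, and `%` and `_` inside the user's search term are escaped so they match literally.

```php
<?php
// Added example: not code from the question or the answers.
// Assumes a PDO MySQL connection and the Tutors table from the question.

// Build a "contains" pattern for LIKE. The user's own % and _ are escaped so
// they match literally; backslash is MySQL's default LIKE escape character.
function likeContains(string $term): string
{
    return '%' . addcslashes($term, '%_\\') . '%';
}

// Every user-supplied value travels as a bound parameter, so no quoting or
// escaping function (addslashes, mysql_real_escape_string) is involved.
// The latitude is bound twice because a named placeholder cannot be reused
// when native (non-emulated) prepared statements are enabled.
function findTutors(PDO $pdo, float $lat, float $lng, float $radius, string $subject): array
{
    $sql = 'SELECT *, ( 3959 * acos( cos( radians(:lat1) ) * cos( radians( `Lat` ) )
                * cos( radians( `Long` ) - radians(:lng) )
                + sin( radians(:lat2) ) * sin( radians( `Lat` ) ) ) ) AS distance
            FROM Tutors
            WHERE `SubjectList` LIKE :subject
            HAVING distance < :radius
            ORDER BY distance';

    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':lat1'    => $lat,
        ':lat2'    => $lat,
        ':lng'     => $lng,
        ':subject' => likeContains($subject),
        ':radius'  => $radius,
    ]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: shows what would be bound to :subject, no database needed.
foreach (['Math', '100%', 'C_'] as $term) {
    echo $term, ' => ', likeContains($term), PHP_EOL;
}
```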
Answer 1: (score: 0)
Have you tried this?
SELECT *,(formula) AS distance FROM Tutors WHERE SubjectList LIKE '%s' HAVING distance < '%s' ORDER BY distance
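WHERE acts on all rows, while HAVING acts on aggregate functions, so you need to make sure you have first reduced the set that the aggregate formula is based on. This will also produce a more efficient query.
HAVING vs. WHERE is sometimes a very tricky distinction, and this link describes it well: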