我仍然是PHP的新手,所以请原谅我,如果我忽略了一些简单的事情。我正在尝试构建一个成员搜索表单,允许人们通过输入一个或多个条件来查找成员:名字或用户名,城市,州,国家或电子邮件地址。如果输入单个字段,则表单有效;如果名称/用户名字段具有值,则表单仅适用于多个字段。假设这是一个逻辑问题。提前谢谢。
if (!isset($_POST['fname']))
{
//If not isset -> set with dummy value
$_POST['fname'] = "undefine";
}
if (!isset($_POST['city']))
{
//If not isset -> set with dummy value
$_POST['city'] = "undefine";
}
if (!isset($_POST['state']))
{
//If not isset -> set with dummy value
$_POST['state'] = "undefine";
}
if (!isset($_POST['country']))
{
//If not isset -> set with dummy value
$_POST['country'] = "undefine";
}
if (!isset($_POST['email']))
{
//If not isset -> set with dummy value
$_POST['email'] = "undefine";
}
// DEFAULT QUERY STRING
$queryString = '';
if ($_POST['fname'] != '') {
$fname = $_POST['fname'];
$fname = stripslashes($fname);
$fname = strip_tags($fname);
$fname = preg_replace('#[^A-Za-z 0-9]#i', '', $fname);
$fname = mysql_real_escape_string($fname);
$queryString = "(firstname LIKE '%$fname%' OR username LIKE '%$fname%')";
} else {
$queryString = '';
}
if ($_POST['city'] != '') {
if (($_POST['fname'] != '') || ($_POST['state'] != '') || ($_POST['country'] != '') || ($_POST['email'] != '')){
$city = $_POST['city'];
$city = stripslashes($city);
$city = strip_tags($city);
$city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
$city = mysql_real_escape_string($city);
$queryString .= " AND city='$city'";
} else {
$city = $_POST['city'];
$city = $_POST['city'];
$city = stripslashes($city);
$city = strip_tags($city);
$city = preg_replace('#[^A-Za-z 0-9]#i', '', $city);
$city = mysql_real_escape_string($city);
$queryString .= "city='$city'";
}
} else {
$queryString .= '';
}
if ($_POST['state'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['country']) || ($_POST['email'])){
$state = $_POST['state'];
$state = stripslashes($state);
$state = strip_tags($state);
$state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
$state = mysql_real_escape_string($state);
$queryString .= " AND state='$state'";
} else {
$state = $_POST['state'];
$state = stripslashes($state);
$state = strip_tags($state);
$state = preg_replace('#[^A-Za-z 0-9]#i', '', $state);
$state = mysql_real_escape_string($state);
$queryString .= "state='$state'";
}
} else {
$queryString .= '';
}
if ($_POST['country'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['email'])) {
$country = $_POST['country'];
$queryString .= " AND country='$country'";
}
else {
$country = $_POST['country'];
$queryString .= "country='$country'";
}
} else {
$queryString .= '';
}
if ($_POST['email'] != '') {
if (($_POST['fname']) || ($_POST['city']) || ($_POST['state']) || ($_POST['country'])){
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$email = preg_replace('#[^A-Za-z 0-9,.@-]#i', '', $email);
$email = mysql_real_escape_string($email);
$queryString .= " AND email='$email'";
} else {
$email = $_POST['email'];
$queryString .= "email='$email'";
}
} else {
$queryString .= '';
}
////////////// QUERY THE MEMBER DATA USING THE $queryString variable's value
$sql = mysql_query("SELECT id, username, firstname, city, state, country FROM members WHERE $queryString AND emailactivated='1' ORDER BY id ASC");
答案 0 :(得分:1)
绝对是构建查询字符串的非常可怕的方法。我会说它废弃并重新开始,但既然你是新手,我们就会用你所拥有的东西来工作。
第一步是停止假设您的SQL正在运行。您没有对查询调用进行任何错误检查,因此您会获得有用反馈的ZERO。因此,请将查询调用更改为:
$sql = mysql_query(...query...) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^---add this
现在,您将获得实际的mysql错误消息的良好转储,以及查询的片段,以解释查询的错误位置/方式。最有可能的是,考虑到你在那里添加的所有字段,你已经忘记了空格或其他内容,并使查询看起来像p=qand z=y(注意q和{之间缺少空格{1}})。
一旦收到这些错误消息,您就可以更轻松地找出语法错误的位置,以及修复错误所需的内容。
答案 1 :(得分:0)
我看到了几个问题:
在isset测试中,您将未定义的变量设置为'undefine',但在创建查询时,您需要测试''。这意味着如果名称为空白,您将始终寻找名为undefine的人。
您不应尝试使用代码修改$_POST变量。您需要将$_POST加载到另一个变量中并在代码中使用它。
答案 2 :(得分:0)
//获取所有发布的数据
if(isset($_POST['fname']))
{
$fname=$_POST['fname'];
}
//获取所有字段值
if(empty($fname))
{
}
else
{
$where . ="fname=$fname and ";
}
//Check and build where for each field
// then remove the last and
$where = rtrim($where, ' AND ');
if (empty($where)) {
$where_str = NULL;
} else {
$where_str = "WHERE $where";
}
$query ="select fieldNames from tableName ";
$query . =$where_str;