我想知道是否有人可以帮助我。下面的代码将生成所有类型=总线的用户,但不会只产生批准的= 1.如果有人能指出我的错误,我会很高兴。某人通过表单将文字输入文本框时触发了搜索查询,这部分工作正常,只有在该文章中显示搜索词的用户才出现,只有类型=总线但已批准= 1的用户似乎没有效果,返回所有批准的,我真的希望有人可以提供帮助。
$query = "select * from users where type='bus' and approved=1 and
name like \"%$trimmed%\"
or profile_words like \"%$trimmed%\"
or full_name like \"%$trimmed%\"
or tag_line like \"%$trimmed%\"
or referral like \"%$trimmed%\"
or profession like \"%$trimmed%\"
order by full_name";
答案 0 :(得分:1)
将您的条件分组,
$query = "
select *
from users
where type='bus' and
approved = 1 and
(
name like \"%$trimmed%\" or
profile_words like \"%$trimmed%\" or
full_name like \"%$trimmed%\" or
tag_line like \"%$trimmed%\" or
referral like \"%$trimmed%\" or
profession like \"%$trimmed%\
)
order by full_name";
我向您提出建议,请使用 PDO 或 MySQLI 扩展名来避免SQL注入。
PDO的例子,
<?php
$query = "
select *
from users
where type='bus' and
approved = 1 and
(
name like ? or
profile_words like ? or
full_name like ? or
tag_line like ? or
referral like ? or
profession like ?
)
order by full_name";
$name = '%' . $trimmed . '%';
$stmt = $dbh->prepare($query);
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $name);
$stmt->bindParam(3, $name);
$stmt->bindParam(4, $name);
$stmt->bindParam(5, $name);
$stmt->bindParam(6, $name);
$stmt->execute();
?>
答案 1 :(得分:0)
$query = "select * from users where type='bus' and approved=1 and
(name like \"%$trimmed%\"
or profile_words like \"%$trimmed%\"
or full_name like \"%$trimmed%\"
or tag_line like \"%$trimmed%\"
or referral like \"%$trimmed%\"
or profession like \"%$trimmed%\")
order by full_name";
答案 2 :(得分:0)
我认为你批准的部分很好,但我认为问题可能出在OR的开头。尝试通过分隔AND和OR语句来放置括号:
$query = "select * from users where type='bus' and approved=1 and
( name like \"%$trimmed%\"
or profile_words like \"%$trimmed%\"
or full_name like \"%$trimmed%\"
or tag_line like \"%$trimmed%\"
or referral like \"%$trimmed%\"
or profession like \"%$trimmed%\" )
order by full_name";
答案 3 :(得分:0)
将您的操作员放在哪里。目前你正在
where (type='bus' and approved=1)
or .... [all the other operators]