我正在尝试制作一个高级搜索引擎,您可以使用名字,姓氏,邮政编码,城市,州,电话,手机和电子邮件进行搜索。
我设法让它按名字搜索,但你必须正确输入第一个名字,除了第一个名字搜索以找到我的问题,我还没找到它,这是我试图转换为PDO的搜索代码的MySQL版本。
MySQL的:
<?php
//This is only displayed if they have submitted the form
if ($searching =="yes") {
echo "<h2>Results</h2><p>";
//If they did not enter a search term we give them an error
if ($find == "")
if ($f == "")
if ($info == "")
if ($zip == "")
if ($state == "")
if ($email == "")
{
echo "<p>You forgot to enter a search term";
exit;
}
// Otherwise we connect to our Database
mysql_connect("xxx", "xxxx", "xxx") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
// We preform a bit of filtering
//Now we search for our search term, in the field the user specified
$data = mysql_query("SELECT * FROM users WHERE fname
LIKE '%" . mysql_real_escape_string($find) . "%' AND lname
LIKE '%" . mysql_real_escape_string($f) . "%' AND info
LIKE '%" . mysql_real_escape_string($info) . "%' AND zip
LIKE '%" . mysql_real_escape_string($zip) . "%' AND state
LIKE '%" . mysql_real_escape_string($state) . "%' AND email
LIKE '%" . mysql_real_escape_string($city) . "%' AND city
LIKE '%" . mysql_real_escape_string($email) . "%'");
?>
<?php
//And we display the results
while($result = mysql_fetch_array( $data ))
{
echo "<hr><br>First Name: ";
echo $result['fname'];
echo "<br>Last Name: ";
echo $result['lname'];
echo "<br>Home Phone: ";
echo $result['info'];
echo "<br>Cell Phone: ";
echo $result['cp'];
echo "<br>City: ";
echo $result['city'];
echo "<br>State: ";
echo $result['state'];
echo "<br>Zip: ";
echo $result['zip'];
echo "<br>Email: ";
echo $result['email'];
echo "<br><hr>";
}
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
$anymatches=mysql_num_rows($data);
if ($anymatches == 0)
{
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:
</b> " .$find;
}
?>
现在这是我的PDO版本:
<?
$dsn = 'mysql:host=xxx;dbname=xxx;charset=utf8';
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'xxx','xxx', $opt);
$stmt = $pdo->prepare("SELECT * FROM users WHERE fname= ?");
if ($stmt->execute(array($fname)));
while ($row = $stmt->fetch()) {
print $row['fname'] . "<br>";
print $row['lname'] . "\t<br>";
print $row['info'] . "\n<br>";
print $row['cp'] . "\n<br>";
print $row['state'] . "\n<br>";
print $row['city'] . "\n<br>";
print $row['zip'] . "\n<br>";
print $row['email'] . "\n<br>";
}
?>
欢迎并赞赏提示,建议和意见。
答案 0 :(得分:0)
我猜你会构建一个sql-string并使用参数 您不会在用户留空的sql字段中包含该内容。
// **EDIT** check if there's any user-input...
if (!isset($_POST['fname']) && !isset($_POST['lname'])) { // add all your input-fields
echo "<p>please enter a search term!</p>";
echo '<a href="search.php">try again</a>";
exit();
}
$sql = '';
$bind = array();
if (strlen($_POST[‘firstname‘]) > 0) { // assuming your form-method is "post"
$sql .= 'AND fname LIKE :fname ';
$bind['fname'] = '%'.$_POST['firstname'].'%';
}
if (strlen($_POST['lastname']) > 0)
$sql .= 'AND lname LIKE :lname ';
$bind['lname'] = '%'.$_POST['lastname'].'%';
}
// ...
// do this will all of your input-fields...
$sql = 'SELECT * FROM users WHERE ' . trim($sql, 'AND') . ' ORDER BY lname';
$stmt = $pdo->prepare($sql);
$stmt->execute(array($bind));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
// go ahead and display your results with foreach...
答案 1 :(得分:0)
您最大的问题是您在AND条款中使用的是OR而不是WHERE。将其更改为:
SELECT *
FROM `table`
WHERE `name` LIKE '%string%'
OR `zip` LIKE '%string%'
// AND SO ON