我无法使用我网站的“高级搜索”功能。 从本质上讲,它是对音乐家的高级搜索(城市,名字成员,按文本框拉链和按复选框排序)。这是“高级搜索”php页面上的代码......
<form method="post" action="advsearchresults.php">
<div class="control-group">
<div class="controls span4">
<label>City</label>
<input type="text" name="advCity" placeholder="Ex: San Marcos..." />
<label>Zip Code</label>
<input type="text" name="advZip" placeholder="Ex: 78666..." />
<label>Band Name</label>
<input type="text" name="advBand" placeholder="Ex: Catchy Band Name..." />
<label>Band Member Name</label>
<input type="text" name="advMember" placeholder="Ex: Steve Stevenson..." />
</div>
<div class="controls span2"><br/><br/><br/>
<label class="checkbox">
<input type="checkbox" name="check_list[]" value="Blues"> Blues
</label>
<label class="checkbox">
<input type="checkbox" name="check_list[]" value="Classical"> Classical
</label>
<label class="checkbox">
<input type="checkbox" name="check_list[]" value="Comedy"> Comedy
</label>
<label class="checkbox">
<input type="checkbox" name="check_list[]" value="Country"> Country
</label>
...
...
</div>
<div class="span12">
<center>
<input type="submit" class="btn btn-info" value=" Advanced Search ">
</div>
...
这是“高级搜索结果”页面......
...
<?php
$advCity = $_POST['advCity'];
$advZip = $_POST['advZip'];
$advBand = $_POST['advBand'];
$advMember = $_POST['advMember'];
$check = $_POST['check_list'];
?>
...
<?php
if(isset($_POST['check_list']) && is_array($_POST['check_list'])){
foreach($_POST['check_list'] as $check) {
$genreQuery = "SELECT profile.PROFILE_GENRE, profile.PROFILE_BANDNAME
FROM profile INNER JOIN band ON profile.PROFILE_PROFILEID = band.BAND_PROFILEID
INNER JOIN bandmember ON band.BAND_BANDID = bandmember.BANDMEMBER_BANDID
WHERE band.BAND_CITY = '$advCity' OR profile.PROFILE_GENRE = '$check'
OR band.BAND_ZIP = '$advZip' OR profile.PROFILE_BANDNAME = '$advBand'
OR bandmember.BANDMEMBER_NAME = '$advMember'";
$result = mysql_query($genreQuery) OR die(mysql_error());
$num=mysql_numrows($result);
mysql_close();
if ($num > 0){
?>
<table class="table table-hover span8" method="post" action="bandpage.php">
<thead>
<tr>
<th>Genre</th>
<th>Band Name</th>
</tr>
</thead>
<?php
$i = 0;
while ($i < $num) {
$GENRE = mysql_result($result,$i,"profile.PROFILE_GENRE");
$BANDNAME = mysql_result($result,$i,"profile.PROFILE_BANDNAME");
?>
<tbody>
<tr>
<td><?php echo $GENRE; ?></td>
<td><a href="bandpage.php" name="band"><?php echo $BANDNAME; ?>
</a></td></tr</tbody>
<?php
$i++;
}
}
else {
?>
<table class="table span8">
<thead>
<tr>
<th>No musicians available for the city: <?php echo $advCity ?></th>
</tr>
</thead>
</table>
<?php
}
}
}
?>
搜索结果根本没有显示,而是显示随机表格数据。非常感谢任何帮助!
SELECT
profile.PROFILE_GENRE,
profile.PROFILE_BANDNAME
FROM
profile
INNER JOIN band ON profile.PROFILE_PROFILEID = band.BAND_PROFILEID
INNER JOIN bandmember ON band.BAND_BANDID = bandmember.BANDMEMBER_BANDID
WHERE
band.BAND_CITY = '$advCity' OR
profile.PROFILE_GENRE = '$check' OR
band.BAND_ZIP = '$advZip' OR
profile.PROFILE_BANDNAME = '$advBand' OR
bandmember.BANDMEMBER_NAME = '$advMember'
答案 0 :(得分:2)
您的SQL正在执行所有谓词,无论它们是否被设置,因此如果用户没有明确地为$advBand提供值,那么它将具有值""(空字符串) ),它仍将包含在您的查询中。由于OR是可交换的,因此将返回任何具有空PROFILE_BANDNAME值的行。
有两种可能的解决方案:“动态SQL”,您手动添加谓词,或者为每个谓词添加保护表达式。动态SQL可能容易出错,因此向WHERE添加表达式可能更容易,它应该如下所示:
(此示例使用特定于MySQL的field > ''语法,这是一种快速的方法,可以执行“非空或空”值比较,它还使用MySQL参数。
WHERE
(:advCity > '' AND band.BAND_CITY = :advCity ) OR
(:check > '' AND profile.PROFILE_GENRE = :check ) OR
(:advZip > '' AND band.BAND_ZIP = :advZip ) OR
(:advBand > '' AND profile.PROFILE_BANDNAME = :advBand ) OR
(:advMember > '' AND bandmember.BANDMEMBER_NAME = :advMember )
修改PHP的其余部分以使用MySQL参数是读者的练习:)