动态构造SELECT查询

时间:2013-09-18 11:19:55

标签: php mysql sql pdo

这是我学习PHP的第三天,我遇到了一个问题。我的UPDATE和INSERT PDO查询运行正常,但是让SELECT查询动态地运行起来很复杂。

这是我的搜索表单:

<h1>Search</h1> 
<form action="otsingu_tulemused.php" method="post"> 
    Aadress:<br /> 
    <input type="text" name="aadress" value="" /> 
    <br /><br /> 
    Hind:<br />
    <input type="text" name="hind" value="" /><br /> 
    <br /><br /> 
    <input type="submit" value="Otsi" /> 
</form>

这是我的搜索结果页面:

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 


    // This if statement checks to determine whether the edit form has been submitted 
    // If it has, then the account updating code is run, otherwise the form is displayed 

//        Vaatame, kas aadressi väli on täidetud
        if(!empty($_POST['aadress'])) 
        { 
            $aadress = $_POST['aadress']; 
        }
        else {
            $aadress = null;
        } 
//        Vaatame, kas hinna väli on täidetud
        if(!empty($_POST['hind'])) 
        { 
            $hind = $_POST['hind']; 
        }
        else {
            $hind = null;
        } 
//      Kui aadressi väli on täidetud, siis anname parameetrile väärtuse        
        if($aadress !== null) 
        { 
            $query_params[':addr'] = $aadress; 
        }
//      Kui hinna väli on täidetud, siis anname parameetrile väärtuse           
        if($hind !== null) 
        { 
            $query_params[':price'] = $hind; 
        } 

        // Note how this is only first half of the necessary update query.  We will dynamically 
        // construct the rest of it depending on whether or not the user is changing 
        // their password. 
        $query = " 
            SELECT 
                * 
            FROM kuulutused 
            WHERE 
        "; 

        // If the user is changing their password, then we extend the SQL query 
        // to include the password and salt columns and parameter tokens too. 
        if($address !== null) 
        { 
            $query .= " 
                addr LIKE :addr 
            "; 
        } 
        if($price !== null) 
        { 
            $query .= " 
            AND
                price = :price 
            "; 
        } 

        try 
        { 
            // Execute the query 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
            $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
        } 
        catch(PDOException $ex) 
        { 
            // Note: On a production website, you should not output $ex->getMessage(). 
            // It may provide an attacker with helpful information about your code.  
            die("Failed to run query: " . $ex->getMessage()); 
        } 

?>
 <table class="table">
<?php foreach( $result as $row ){
   echo "<tr><td>";
     echo $row['addr'];
     echo "</td><td>";
     echo $row['price'];
     echo "</td>";
   echo "</tr>";
   }
?>
</table>

此查询给出了一个错误:

  

无法运行查询:SQLSTATE [42000]:语法错误或访问冲突:1064 SQL语法中出错;检查与MySQL服务器版本对应的手册,以便在第4行的''附近使用正确的语法。

2 个答案:

答案 0 :(得分:1)

如果未设置条件,则查询将为:

SELECT * FROM kuulutused WHERE

如您所见,WHERE为空,语法错误。

如果未设置$ address且设置了$ price,则最终会以

结束 
SELECT * FROM kuulutused WHERE AND price = :price

再次,语法错误。

使用mysql,您可以从:

开始 
SELECT * FROM kuulutused WHERE 1

然后始终添加AND column = :valueAND column LIKE :value

答案 1 :(得分:-2)

语法错误 像使用PDO一样缺少%

此外,您必须检查具有特定条件的where子句。

相关问题
最新问题