Hi, I'm trying to create a store locator and part finder. At the moment I have an SQL query that uses LIKE to get all the results, which is connected to the PHP input. How would I change the LIKE '% %' clause so that it is specific to whatever the user puts in the form? Right now I get the same results regardless of what is typed: if I type 1 it shows all the parts, and if I type 4 it shows the same. My code is:
<head>
<?php
// Connect to SQL Server through the sqlsrv extension.
$serverName = "127.0.0.0";
$connectionInfo = array( "Database"=>"db", "UID"=>"id", "PWD"=>"pwd");
$conn = sqlsrv_connect( $serverName, $connectionInfo );
if( $conn === false )
{
    die( print_r( sqlsrv_errors(), true));
}
// The part-number filter is still the fixed pattern '%%', which matches every row;
// the form value never reaches the query.
$sql = "SELECT dbo.Customer.name, dbo.Customer.address1, dbo.Customer.address2, dbo.Customer.address3, dbo.Customer.city, dbo.Customer.state, dbo.Customer.zip,
        dbo.Customer.faxnum, dbo.Customer.phonenum, dbo.Customer.emailaddress, Part.description, Part.partnum, ROUND(odbcadmin.fn_calDist(- 0.03715491813985, 0.9178158214586024, long * 0.0174532925, lat * 0.0174532925) ,2) AS distances
        FROM dbo.Customer INNER JOIN
        CustomerPartCrossRef ON dbo.Customer.company = CustomerPartCrossRef.company AND dbo.Customer.shiptonum = CustomerPartCrossRef.shiptonum AND
        dbo.Customer.custnum = CustomerPartCrossRef.custnum INNER JOIN
        Part ON CustomerPartCrossRef.partnum = Part.partnum AND CustomerPartCrossRef.company = Part.company
        WHERE Part.partnum LIKE '%%' AND (ROUND(odbcadmin.fn_calDist(- 0.03715491813985, 0.9178158214586024, long * 0.0174532925, lat * 0.0174532925),2) <= 150)
        ORDER BY distances ";
$stmt = sqlsrv_query( $conn, $sql );
if( $stmt === false)
{
    die( print_r( sqlsrv_errors(), true) );
}
while( $row = sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC) ) {
    echo $row['name']."<br/>".$row['address1']."<br/>".$row['state']."<br/>".$row['zip']."<br/>".$row['phonenum']."<br/>".$row['distances']."<br/>".$row['partnum']."<br/>"
        .$row['description']."<br/>";
}
sqlsrv_free_stmt( $stmt);
?>
</head>
<body>
<!-- User input is HTML-escaped before it is echoed back, so a crafted form value cannot inject markup. -->
part = <?php echo htmlspecialchars($_POST["part"] ?? '', ENT_QUOTES, 'UTF-8'); ?>
</body>
Answer 0: (score: 0)
First, I would suggest you use PDO instead of the sqlsrv_*() functions. Here is an example:
$sql = "SELECT dbo.Customer.name, dbo.Customer.address1, dbo.Customer.address2, dbo.Customer.address3, dbo.Customer.city, dbo.Customer.state, dbo.Customer.zip,
        dbo.Customer.faxnum, dbo.Customer.phonenum, dbo.Customer.emailaddress, Part.description, Part.partnum, ROUND(odbcadmin.fn_calDist(- 0.03715491813985, 0.9178158214586024, long * 0.0174532925, lat * 0.0174532925) ,2) AS distances
        FROM dbo.Customer INNER JOIN
        CustomerPartCrossRef ON dbo.Customer.company = CustomerPartCrossRef.company AND dbo.Customer.shiptonum = CustomerPartCrossRef.shiptonum AND
        dbo.Customer.custnum = CustomerPartCrossRef.custnum INNER JOIN
        Part ON CustomerPartCrossRef.partnum = Part.partnum AND CustomerPartCrossRef.company = Part.company
        WHERE Part.partnum LIKE ? AND (ROUND(odbcadmin.fn_calDist(- 0.03715491813985, 0.9178158214586024, long * 0.0174532925, lat * 0.0174532925),2) <= 150)
        ORDER BY distances ";
$dbh = new PDO('sqlsrv:Server=localhost;Database=testdb', DB_USER, DB_PASS);
$stmt = $dbh->prepare($sql);
// The placeholder must stand alone as the whole comparison value. Written as '%?%'
// it sits inside a string literal, is treated as plain text and nothing is bound;
// the wildcards therefore go into the bound value instead.
$stmt->execute(array('%' . $_GET['users_input'] . '%'));
When execute() is called, the ? I added to your query will be replaced by the value in the array. See http://www.php.net/manual/en/pdo.prepared-statements.php for details.
Obviously, you may want to validate the user input before passing it to execute().
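The placeholder technique the answer describes, as an added example that is not code from the question or the answer. Python's sqlite3 module stands in for PDO and SQL Server so the example runs offline; the Part table, its rows, the escape_like helper and the function names are constructed here for the demonstration. It shows three things the answer only states in prose: why concatenating the form value into the LIKE pattern lets a single quote rewrite the query, why a ? placed inside the quotes of '%?%' binds nothing, and how a stand-alone ? with the % wildcards inside the bound value (plus an ESCAPE clause so a user typing % or _ does not match every part) gives the per-user filtering the question asks for.

```python
"""Parameterised LIKE search: added example, not code from the question or the answer.
sqlite3 stands in for PDO + SQL Server; the Part table, rows and escape_like helper
are constructed for the demonstration."""
import sqlite3

# Constructed sample rows standing in for dbo.Part (partnum, description).
PARTS = [
    ("AB-100", "bracket, steel"),
    ("AB-104", "bracket, alloy"),
    ("XY-4", "gasket"),
    ("ZZ-9", "hose clamp"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory Part table from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Part (partnum TEXT NOT NULL, description TEXT)")
    conn.executemany("INSERT INTO Part VALUES (?, ?)", PARTS)
    return conn


def find_parts_unsafe(conn: sqlite3.Connection, user_input: str) -> list:
    """Concatenation: the form value becomes SQL text. A single quote ends the
    literal and everything after it runs as part of the WHERE clause."""
    sql = "SELECT partnum FROM Part WHERE partnum LIKE '%" + user_input + "%'"
    return [row[0] for row in conn.execute(sql)]


def placeholder_in_quotes_is_bound(conn: sqlite3.Connection, user_input: str) -> bool:
    """LIKE '%?%': inside the quotes the ? is plain text, so the statement has
    zero parameters and the driver rejects the one value we try to bind."""
    sql = "SELECT partnum FROM Part WHERE partnum LIKE '%?%'"
    try:
        conn.execute(sql, (user_input,))
        return True
    except sqlite3.ProgrammingError:
        return False


def escape_like(term: str, esc: str = "\\") -> str:
    """Escape LIKE metacharacters so the user's text is matched literally.
    SQL Server additionally treats '[' as a wildcard and needs it escaped too."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def find_parts_safe(conn: sqlite3.Connection, user_input: str) -> list:
    """The ? is the whole comparison value and the wildcards travel inside the
    bound parameter, so the SQL text never changes with the input."""
    pattern = "%" + escape_like(user_input) + "%"
    sql = "SELECT partnum FROM Part WHERE partnum LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    print("safe   '4'        ->", find_parts_safe(db, "4"))
    print("safe   '%'        ->", find_parts_safe(db, "%"))
    print("unsafe '%'        ->", find_parts_unsafe(db, "%"))
    print("unsafe injection  ->", find_parts_unsafe(db, "x' OR 1=1 --"))
    print("'%?%' binds value ->", placeholder_in_quotes_is_bound(db, "4"))
```

The same shape carries over to the PDO code in the answer: prepare the statement with a bare ?, build the pattern in PHP from the escaped form value with the % on either side, and pass that one string to execute(). Validating the input before that, as the answer recommends, is still worthwhile, but the parameter binding is what keeps the input from ever being interpreted as SQL.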