我一直在尝试几个小时来搜索从文本框传递的值。文本框是项目名称,项目描述, unitcost 和数量。在此, unitcost 和数量有两个文本框。它应该搜索范围值。我尝试的SQL代码是:
文本框<input name="item_search" id="item_search" value="" placeholder="" class="input-size
search-estimateid_search search-text" type="text">
<input class="input-small" name="sunit_cost" id="sunit_cost" type="text">
<input class="input-small" name="eunit_cose" id="eunit_cost"type="text">
<input name="item_description" id="item_description" type="text">
<input class="input-small" name="squantity" id="squantity" type="text">
<input class="input-small" name="equantity" id="equantity" type="text">
$itemname = $_POST['item_name']; //Value from textbox itemname
$description = $_POST['item_description']; // "
$start_cost = $_POST['startcost']; // Range values to search in unitcost
$end_cost = $_POST['endcost']; // "
$start_quantity = $_POST['startquantity'];//Range values to search in quantity
$end_quantity = $_POST['endquantity']; // "
mysql_query("SELECT * FROM `quotation`.`items` WHERE (CONVERT(`NAME` USING utf8) LIKE
'%$itemname%' AND CONVERT(`DESCRIPTION` USING utf8) LIKE '%$description%' AND (COST
BETWEEN $startcost AND $endcost)AND (QTY BETWEEN $startquantity AND $endquantity));")or
die(mysql_error());
即使某些值未从文本框中传递,如何让我的代码执行?
答案 0 :(得分:0)
你需要稍微清理一下......
SELECT * FROM `quotation`.`items` WHERE CONVERT(`NAME` USING utf8) LIKE
'%$_POST[item_name]%' AND CONVERT(`DESCRIPTION` USING utf8) LIKE
'%$_POST['item_description']%' AND COST > $_POST['startcost']
AND COST < $_POST['endcost'])AND QTY > $_POST['startquantity'] AND
QTY < $_POST['endquantity']
答案 1 :(得分:0)
我不确定这只是一个错字,但您的name属性与您尝试从$_POST获得的变量完全不匹配。
例如:
<input class="input-small" name="squantity" id="squantity" type="text">
在PHP中,它将以:
的形式提供$start_quantity = $_POST['squantity'];
^^^^^^^^^ here
您还需要根据实际设置的变量/有效值来构建查询。
您还需要使用预准备语句和绑定变量切换到PDO或MySQLi,因为现在您遇到SQL injection问题,并且不推荐使用mysql_*函数。 / p>
答案 2 :(得分:0)
您也可以编写一个stored procedure来接受搜索词作为参数,如果传递的值不是null或空字符串,则程序会连接不同的查询词。
你的程序看起来像这样:
CREATE PROCEDURE `search_products`(
IN item_name VARCHAR(50),
IN description VARCHAR(50),
IN start_cost decimal ,
IN end_cost decimal,
IN start_quantity int,
IN end_quantity int
)
BEGIN
set @sql = " select * from quotation.items where 0=0 ";
if ((item_name is not null) and (item_name<>'')) then
set @sql = concat(@sql," and NAME like '",item_name,"%'");
end if;
if ((item_name is not null) and (item_name<>'')) then
set @sql = concat(@sql," and NAME like '",item_name,"%'");
end if;
if ((start_cost is not null) and (start_cost<>'')and (end_cost is not null) and (end_cost<>'')) then
set @sql =concat(@sql, " and `COST` BETWEEN ", start_cost, " and ", start_cost);
end if;
if ((start_quantity is not null) and (start_quantity<>'')and (end_quantity is not null) and (end_quantity<>'')) then
set @sql =concat(@sql, " and `COST` BETWEEN ", start_quantity, " and ", end_quantity);
end if;
PREPARE vsql FROM @sql;
EXECUTE vsql;
DEALLOCATE PREPARE vsql;
END;
然后在您将调用查询的PHP代码部分中,您只需调用存储过程。这就是我通常使用可选参数处理查询的方法。 您还需要密切关注字段中的名称,以便使用post方法调用接收这些值。名字必须相同。
答案 3 :(得分:-1)
请尝试以下方法。如果您的一些文本框为空,则还使用非空的文本框进行搜索。
<?php
$condition = "WHERE ";
if (!empty($_POST['itemname'])) {
$condition .= "(CONVERT(`NAME` USING utf8) LIKE '".$_POST['itemname']."' AND ";
}
if (!empty($_POST['item'])) {
$condition .= "NAME ='".$_POST['item']."' AND ";
}
if (!empty($_POST['description'])) {
$condition .= "CONVERT(`DESCRIPTION` USING utf8) LIKE '".$_POST['description']."' AND ";
}
if (!empty($_POST['startcost']) && !empty($_POST['endcost'])) {
$condition .= "(COST BETWEEN '".$_POST['startcost'] ."' AND '".$_POST['endcost']."') AND ";
}
if (!empty($_POST['startquantity']) && !empty($_POST['endquantity'])) {
$condition .= "(QTY BETWEEN '".$_POST['startquantity']."' AND '".$_POST['endquantity']."') AND ";
}
mysql_query("SELECT * FROM `quotation`.`items` '".$condition."'")or die(mysql_error());
?>