Question

从jquery帖子传递给我的php函数的信息，但即使我没有提交任何数据，这也会返回我表格中的所有信息

if ( $_REQUEST['startsearch'] ) {
   $shipper = $_POST['postshipper'];
   $dealer = $_POST['postdealer'];
   $customer = $_POST['postcustomer'];
   $serial = $_POST['postserial']; 

   $sql = "SELECT * FROM `orders` WHERE shipper LIKE '%".$shipper."%' and active = '1' OR dealer     LIKE '%".$dealer."%' and active = '1' OR upper(customer) LIKE upper('%".$customer."%') and active = '1' OR serial LIKE '%".$serial."%' and active = '1'";
    $search = mysql_query($sql);
    while ($row = mysql_fetch_array($search)) {
        echo $row['dealer'];
    }
}

即使4个中只有1个被填满，或者所有4个都被填满，我希望能够进行搜索。

Answer 1

您可以动态添加查询。如果该值未设置/为空，则不包括该值。否则，包括。

强制性注释：

Please, don't use mysql_* functions in new code。它们不再被维护and are officially deprecated。请参阅red box？转而了解prepared statements，并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。

_{参考：https://stackoverflow.com/a/12860140/3859027}

这是通过PDO准备好的陈述：

当然这是未经测试的，但这应该为您提供包含已设置的基本概念。那些未设置的字段将不会包含在查询中。

$db = new PDO('mysql:host=localhost;dbname=DBNAME', 'username', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (isset($_REQUEST['startsearch'])) { // if submitted

    $params = array(); // hold the container which the values will be put in
    $base_sql = "SELECT * FROM `orders` WHERE"; // the starting query
    $sql = array(); // this will contain those queries that will be glued after its done

    // if shipper is set
    if(isset($_POST['postshipper'])) {
        // push inside the container
        $sql[] = " shipper LIKE :postshipper AND active = '1' ";
        $params[':postshipper'] = '%' . $_POST['postshipper'] . '%'; // push also the value
    }

    if(isset($_POST['postdealer'])) {
        $sql[] = " dealer LIKE :postdealer AND active = '1' ";
        $params[':postdealer'] = '%' . $_POST['postdealer'] . '%';
    }

    if(isset($_POST['postcustomer'])) {
        $sql[] = " upper(customer) LIKE upper(:customer) AND active = '1' ";
        $params[':postdealer'] = '%' . $_POST['customer'] . '%';
    }

    if(isset($_POST['postserial'])) {
        $sql[] = " serial LIKE :postserial AND active = '1' ";
        $params[':postserial'] = '%' . $_POST['postserial'] . '%';
    }

    // after its done, glue/implode them with `OR`
    $sql = implode(' OR ', $sql);

    $select = $db->prepare($sql);
    $select->execute($params);

    $results = $select->fetchAll(PDO::FETCH_ASSOC);
    print_r($results);
}

Answer 2

您可以使用isset（）函数if(isset($var))，然后当您使用LIKE'％$ var％'时，此查询将生成，否则回显消息，＆amp;保持$ var为空，它与之匹配。

Answer 3

这里的问题是你提出了很多＆＃34;或＆＃34; 所以它通过了所有条件
问题在于你的查询尝试根据你的要求改变它。

SELECT * FROM `orders` WHERE 
shipper LIKE '%".$shipper."%' and (active = '1' OR dealer  
LIKE '%".$dealer."%' and (active = '1' OR upper(customer) LIKE upper('%".$customer."%') )
and (active = '1' OR serial LIKE '%".$serial."%') and active = '1'

Answer 4

如果您想根据提交的$_POST信息进行更精确的搜索，可以试试这个：

if ( $_REQUEST['startsearch'] ) {
    $shipper = isset($_POST['postshipper']) ? $_POST['postshipper'] : '';
    $dealer = isset($_POST['postdealer']) ? $_POST['postdealer'] : '';
    $customer = isset($_POST['postcustomer']) ? $_POST['postcustomer'] : '';
    $serial = isset($_POST['postserial']) ? $_POST['postserial'] : ''; 

    $search_term = '';

    if(!empty($shipper)){
         $search_term = 'shipper = "' . $shipper . '"';
    }
    if(!empty($dealer)){
         if(!empty($search_term)){
               $search_term = $search_term . ' AND ';
         }
         $search_term = $search_term . 'dealer = "' . $dealer . '"';
    }
    if(!empty($customer)){
         if(!empty($search_term)){
               $search_term = $search_term . ' AND ';
         }
         $search_term = $search_term . 'customer = "' . $customer . '"';
    }
    if(!empty($serial)){
         if(!empty($search_term)){
               $search_term = $search_term . ' AND ';
         }
         $search_term = $search_term . 'serial = "' . $serial . '"';
    }

    if(!empty($search_term))
    {
          $sql = 'SELECT * FROM orders WHERE ' . $search_term;

          $search = mysql_query($sql);
          while ($row = mysql_fetch_array($search)) {
              echo $row['dealer']."<br />";
         }
     }
 }

我的MySQL中的PHP搜索返回整个表格？为什么？

4 个答案: