从jquery帖子传递给我的php函数的信息,但即使我没有提交任何数据,这也会返回我表格中的所有信息
if ( $_REQUEST['startsearch'] ) {
$shipper = $_POST['postshipper'];
$dealer = $_POST['postdealer'];
$customer = $_POST['postcustomer'];
$serial = $_POST['postserial'];
$sql = "SELECT * FROM `orders` WHERE shipper LIKE '%".$shipper."%' and active = '1' OR dealer LIKE '%".$dealer."%' and active = '1' OR upper(customer) LIKE upper('%".$customer."%') and active = '1' OR serial LIKE '%".$serial."%' and active = '1'";
$search = mysql_query($sql);
while ($row = mysql_fetch_array($search)) {
echo $row['dealer'];
}
}
即使4个中只有1个被填满,或者所有4个都被填满,我希望能够进行搜索。
答案 0 :(得分:1)
您可以动态添加查询。如果该值未设置/为空,则不包括该值。否则,包括。
强制性注释:
Please, don't use
mysql_*
functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。
这是通过PDO准备好的陈述:
当然这是未经测试的,但这应该为您提供包含已设置的基本概念。那些未设置的字段将不会包含在查询中。
$db = new PDO('mysql:host=localhost;dbname=DBNAME', 'username', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (isset($_REQUEST['startsearch'])) { // if submitted
$params = array(); // hold the container which the values will be put in
$base_sql = "SELECT * FROM `orders` WHERE"; // the starting query
$sql = array(); // this will contain those queries that will be glued after its done
// if shipper is set
if(isset($_POST['postshipper'])) {
// push inside the container
$sql[] = " shipper LIKE :postshipper AND active = '1' ";
$params[':postshipper'] = '%' . $_POST['postshipper'] . '%'; // push also the value
}
if(isset($_POST['postdealer'])) {
$sql[] = " dealer LIKE :postdealer AND active = '1' ";
$params[':postdealer'] = '%' . $_POST['postdealer'] . '%';
}
if(isset($_POST['postcustomer'])) {
$sql[] = " upper(customer) LIKE upper(:customer) AND active = '1' ";
$params[':postdealer'] = '%' . $_POST['customer'] . '%';
}
if(isset($_POST['postserial'])) {
$sql[] = " serial LIKE :postserial AND active = '1' ";
$params[':postserial'] = '%' . $_POST['postserial'] . '%';
}
// after its done, glue/implode them with `OR`
$sql = implode(' OR ', $sql);
$select = $db->prepare($sql);
$select->execute($params);
$results = $select->fetchAll(PDO::FETCH_ASSOC);
print_r($results);
}
答案 1 :(得分:0)
您可以使用isset()函数if(isset($var))
,然后当您使用LIKE'%$ var%'时,此查询将生成,否则回显消息,&保持$ var为空,它与之匹配。
答案 2 :(得分:0)
这里的问题是你提出了很多"或" 所以它通过了所有条件
问题在于你的查询尝试根据你的要求改变它。
SELECT * FROM `orders` WHERE
shipper LIKE '%".$shipper."%' and (active = '1' OR dealer
LIKE '%".$dealer."%' and (active = '1' OR upper(customer) LIKE upper('%".$customer."%') )
and (active = '1' OR serial LIKE '%".$serial."%') and active = '1'
答案 3 :(得分:0)
如果您想根据提交的$_POST
信息进行更精确的搜索,可以试试这个:
if ( $_REQUEST['startsearch'] ) {
$shipper = isset($_POST['postshipper']) ? $_POST['postshipper'] : '';
$dealer = isset($_POST['postdealer']) ? $_POST['postdealer'] : '';
$customer = isset($_POST['postcustomer']) ? $_POST['postcustomer'] : '';
$serial = isset($_POST['postserial']) ? $_POST['postserial'] : '';
$search_term = '';
if(!empty($shipper)){
$search_term = 'shipper = "' . $shipper . '"';
}
if(!empty($dealer)){
if(!empty($search_term)){
$search_term = $search_term . ' AND ';
}
$search_term = $search_term . 'dealer = "' . $dealer . '"';
}
if(!empty($customer)){
if(!empty($search_term)){
$search_term = $search_term . ' AND ';
}
$search_term = $search_term . 'customer = "' . $customer . '"';
}
if(!empty($serial)){
if(!empty($search_term)){
$search_term = $search_term . ' AND ';
}
$search_term = $search_term . 'serial = "' . $serial . '"';
}
if(!empty($search_term))
{
$sql = 'SELECT * FROM orders WHERE ' . $search_term;
$search = mysql_query($sql);
while ($row = mysql_fetch_array($search)) {
echo $row['dealer']."<br />";
}
}
}