MySQL Like查询不识别数据库中的第一个单词

时间:2015-05-05 23:47:57

标签: php mysql string sql-like

基本上我试图使用$gen变量将用户查询与存储在描述音乐类型的数据库中的字符串相匹配。我的问题是,如果该类型是Indie / Pop并且用户选择Indie作为搜索查询,则将显示该事件。如果他们选择Pop,则不显示该事件。

以下是我查询数据库的方法。 

$sql="SELECT * FROM $tab WHERE genre LIKE '$gen%'AND dateForm = '$datepicker'";

任何得到的帮助

php脚本获取信息

<?php

$con = mysqli_connect('localhost','root','','python');
if (!$con) {
    die('Could not connect: ' . mysqli_error($con));
}

mysqli_select_db($con,"ajax");
$gen = $_GET['gen'];
$gen = mysql_real_escape_string($gen);
$tab = $_GET['tab'];
$tab = mysql_real_escape_string($tab);
$datepicker = $_GET['datepicker'];
$sql="SELECT * FROM $tab WHERE genre LIKE '%$gen%' AND dateForm = '$datepicker'";
$result = mysqli_query($con,$sql);

echo "<table class='table table-hover'><thead>
<tr>
<th><h3>Artist</th>
<th><h3>Location</th>
<th><h3>Date</th>
<th><h3>Genre</th>
<th><h3>Preview</th>
</tr></thead>";

while($row = mysqli_fetch_array($result)) {    
    echo "<tr>";
    echo "<td>" . $row['artist'] . "</td>";
    echo "<td> <b>Venue: </b>" . $row['venue'] . "<p><b>Location: </b>" . $row['location'] . "</td>";
    echo "<td>" . $row['datez'] . "</td>";
    echo "<td>" . $row['genre'] . "</td>";
    echo "<td>" . '<iframe width="100%" height="100" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/' . $row['link'] . '&amp;color=000000&amp;auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false"></iframe>' . "</td>";
    echo "</tr>";
 }  

echo "</table>";
mysqli_close($con);

gen变量是使用AJAX

制作的 
  function ajaxFunction(){
  var ajaxRequest;  // The variable that makes Ajax possible!

  try{
    // Opera 8.0+, Firefox, Safari
    ajaxRequest = new XMLHttpRequest();
  } catch (e){
  // Internet Explorer Browsers
  try{
      ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
  }catch (e) {
    try{
      ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
    } catch (e){
      // Something went wrong
      alert("Your browser broke!");
      return false;
      }
    }
  }

  // Create a function that will receive data 
  // sent from the server and will update
  // div section in the same page.
  ajaxRequest.onreadystatechange = function(){
    if(ajaxRequest.readyState == 4){
      var ajaxDisplay = document.getElementById('ajaxDiv');
      ajaxDisplay.innerHTML = ajaxRequest.responseText;
    }
  }

  // Now get the value from user and pass it to
  // server script.
  var gen = document.getElementById('gen').value;
  var datepicker = document.getElementById('datepicker').value;
  var tab = document.getElementById('tab').value;
  //var datepicker = document.getElementById('datepicker').value;
  var queryString = "?gen=" + gen ;
  queryString += "&datepicker=" + datepicker +"&tab=" + tab;
  ajaxRequest.open("GET", "getuser.php" + 
                              queryString, true);
  ajaxRequest.send(null); 

  }

2 个答案:

答案 0 :(得分:1)

尝试在搜索值的开头添加%

$sql="SELECT * FROM $tab WHERE genre LIKE '%$gen%'AND dateForm = '$datepicker'";

答案 1 :(得分:1)

好的,这里有一些安全课程。在准备好的查询中绑定参数 $ gen (添加了通配符)和 $ datepicker 。由于您无法绑定列名或表名,因此我将使用 $ tab 和允许的 $ tables 数组运行类似下面的操作。这允许您设置允许查询运行的预定义表列表,如果提供的表不在列表中,则会抛出异常。

我不喜欢mysqli或程序代码,所以我不会使用它,但我很确定一切都井然有序。

mysqli_select_db($con,"ajax");
// Add wildcards here
$gen = '%'.$_GET['gen'].'%';
$tab = $_GET['tab'];
$datepicker = $_GET['datepicker'];

// Check if $tab is in allowed tables (array $tables)
$tables = ['valid_table1', 'valid_table2', 'valid_table3'];
if (!in_array($tab, $tables)) {
    throw new Exception('Hey, get outta here!');
}

$sql="SELECT * FROM $tab WHERE genre LIKE ? AND dateForm = ?";
// Prepare, bind, and execute
$stmt = mysqli_prepare($con,$sql);
mysqli_stmt_bind_param($stmt, 'ss', $gen, $datepicker);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_array($result)) {
  ...
}
相关问题
最新问题