我正在学习本教程:
http://coderexample.com/datatable-demo-server-side-in-phpmysql-and-ajax/
以下是演示:
http://coderexample.com/demo/datatable-demo-server-side-in-phpmysql-and-ajax/
如果我在搜索输入中搜索ou,我会获得No matching records found,但我想要返回的是至少这一行Airi Satou。
this是我必须改变的代码,因为我必须做搜索服务器端。
<?php
/* Database connection start */
$servername = "localhost";
$username = "root";
$password = "Password1";
$dbname = "test";
$conn = mysqli_connect($servername, $username, $password, $dbname) or die("Connection failed: " . mysqli_connect_error());
/* Database connection end */
// storing request (ie, get/post) global array to a variable
$requestData= $_REQUEST;
$columns = array(
// datatable column index => database column name
0 =>'employee_name',
1 => 'employee_salary',
2=> 'employee_age'
);
// getting total number records without any search
$sql = "SELECT employee_name, employee_salary, employee_age ";
$sql.=" FROM employee";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalData = mysqli_num_rows($query);
$totalFiltered = $totalData; // when there is no search parameter then total number rows = total number filtered rows.
if( !empty($requestData['search']['value']) ) {
// if there is a search parameter
$sql = "SELECT employee_name, employee_salary, employee_age ";
$sql.=" FROM employee";
$sql.=" WHERE employee_name LIKE '".$requestData['search']['value']."%' "; // $requestData['search']['value'] contains search parameter
$sql.=" OR employee_salary LIKE '".$requestData['search']['value']."%' ";
$sql.=" OR employee_age LIKE '".$requestData['search']['value']."%' ";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
$totalFiltered = mysqli_num_rows($query); // when there is a search parameter then we have to modify total number filtered rows as per search result without limit in the query
$sql.=" ORDER BY ". $columns[$requestData['order'][0]['column']]." ".$requestData['order'][0]['dir']." LIMIT ".$requestData['start']." ,".$requestData['length']." "; // $requestData['order'][0]['column'] contains colmun index, $requestData['order'][0]['dir'] contains order such as asc/desc , $requestData['start'] contains start row number ,$requestData['length'] contains limit length.
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees"); // again run query with limit
} else {
$sql = "SELECT employee_name, employee_salary, employee_age ";
$sql.=" FROM employee";
$sql.=" ORDER BY ". $columns[$requestData['order'][0]['column']]." ".$requestData['order'][0]['dir']." LIMIT ".$requestData['start']." ,".$requestData['length']." ";
$query=mysqli_query($conn, $sql) or die("employee-grid-data.php: get employees");
}
$data = array();
while( $row=mysqli_fetch_array($query) ) { // preparing an array
$nestedData=array();
$nestedData[] = $row["employee_name"];
$nestedData[] = $row["employee_salary"];
$nestedData[] = $row["employee_age"];
$data[] = $nestedData;
}
$json_data = array(
"draw" => intval( $requestData['draw'] ), // for every request/draw by clientside , they send a number as a parameter, when they recieve a response/data they first check the draw number, so we are sending same number in draw.
"recordsTotal" => intval( $totalData ), // total number of records
"recordsFiltered" => intval( $totalFiltered ), // total number of records after searching, if there is no searching then totalFiltered = totalData
"data" => $data // total data array
);
echo json_encode($json_data); // send data as json format
?>
我是否正确地说这是我必须改变的代码?
如果是这样,任何人都可以建议我必须做什么?
我知道这很多问题,但会很感激指导!
答案 0 :(得分:2)
$sql.=" WHERE employee_name LIKE '".$requestData['search']['value']."%' ";
将匹配搜索词然后任何东西(由于外卡%)
如果您想在名称中间匹配搜索字词,则需要在乞讨时添加外卡:
$sql.=" WHERE employee_name LIKE '%".$requestData['search']['value']."%' ";
请注意,这将禁止在employee_name上使用索引,这可能会对您造成影响,也可能不会对您造成影响。
这不是最好的搜索方法,你不应该检查所有三个字段,而是要求搜索者使用。毕竟年龄和薪水都有一些匹配数字。
搜索27,可以匹配年龄27或27000的工资等。没有人会年龄 bob 所以没有必要去做那个搜索
答案 1 :(得分:1)
您的查询需要更新。
以下SQL语句选择所有employee_name,以“search field value”开头:
$sql.=" WHERE employee_name LIKE '".$requestData['search']['value']."%' ";
所以,你的查询应该如下所示,以获得所需的输出,因为它检查employee_name中是否存在特定模式。
$sql.=" WHERE employee_name LIKE '%".$requestData['search']['value']."%' ";
答案 2 :(得分:1)
构建Where子句的方式,您搜索的字段必须以搜索字词开头。将你的where子句改为
$sql.=" WHERE employee_name LIKE '%".$requestData['search']['value']."%' ";
通过执行您正在执行的操作,您也可以使用SQL注入。您需要使用参数化查询来删除此漏洞。有关信息,请参阅How can I prevent SQL injection in PHP?