我有一个sql查询,它搜索数据库以查找邮政编码半径20英里范围内的商店,但我似乎无法让关键字搜索工作。
$search = mysqli_real_escape_string(trim($_POST['keywords']));
$sql = "SELECT *, ( 3959 * acos( cos( radians($userLat) ) * cos( radians( lat ) )
* cos( radians( lng ) - radians($userLng) ) + sin( radians($userLat ) )
* sin( radians( lat ) ) ) ) AS distance
FROM firms
HAVING distance < 20
ORDER BY distance LIMIT 0 , 20
AND WHERE keywords
LIKE %$search%";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) { ?>
答案 0 :(得分:0)
SELECT columns
, I
, actually
, want
, ... as distance
FROM firms
WHERE keywords LIKE :search
HAVING distance < 20 -- or AND ... < 20
ORDER
BY distance
LIMIT 0 , 20
并使用参数化查询
答案 1 :(得分:0)
RTM:mysqli_real_escape_string()您没有正确调用它。
即使你是,你的查询也有语法错误:
LIKE %$search%";
^--------^---missing quotes
所以你要生成文字SQL
SELECT ... LIKE %foo%
而不是
SELECT ... LIKE '%foo%'
你应该