复杂数据库搜索

时间:2016-09-02 16:10:37

标签: php mysql search

我有一个sql查询,它搜索数据库以查找邮政编码半径20英里范围内的商店,但我似乎无法让关键字搜索工作。

$search = mysqli_real_escape_string(trim($_POST['keywords']));

$sql = "SELECT *, ( 3959 * acos( cos( radians($userLat) ) * cos( radians( lat ) )
* cos( radians( lng ) - radians($userLng) ) + sin( radians($userLat ) )
* sin( radians( lat ) ) ) ) AS distance
FROM firms
HAVING distance < 20
ORDER BY distance LIMIT 0 , 20
AND WHERE keywords
LIKE %$search%";

$result = $conn->query($sql);

if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) { ?>

2 个答案:

答案 0 :(得分:0)

SELECT columns
     , I
     , actually
     , want
     , ... as distance
  FROM firms
 WHERE keywords LIKE :search
HAVING distance < 20 -- or AND ... < 20
 ORDER 
    BY distance 
 LIMIT 0 , 20

并使用参数化查询

答案 1 :(得分:0)

RTM:mysqli_real_escape_string()您没有正确调用它。

即使你是,你的查询也有语法错误:

LIKE %$search%";
     ^--------^---missing quotes

所以你要生成文字SQL

SELECT ... LIKE %foo%

而不是

SELECT ... LIKE '%foo%'

你应该