我正在努力解决这个问题。我正在尝试将两个字段中的一个与ajax调用的部分字符串进行匹配。开始输入名称,它应与名字或姓氏匹配。
我的参数化查询在LIKE语句中返回0行。
我担心我会遗漏一些简单的东西,但我只能认为参数没有传递给部分字符串。
<?
$access = 3;
$dbConnect = true;
require "../scripts/php/scriptSecurity.php";
// Partial name given by user.
$name = $_GET["name"];
if (!empty($name)){
if (strpos($name, " ")){
$nameParts = explode(" ", $name);
if (strpos($nameParts[0], ",")) {
$last = str_replace(",", "",$nameParts[0]);
$first = $nameParts[1];
}
else {
$first = $nameParts[0];
$last = $nameParts[1];
}
}
else {
$last = str_replace(",", "", $name);
$first = str_replace(",", "", $name);
}
// Freak out that maybe some hidden character is in the name.
$last = preg_replace( "/[^a-zA-Z0-9']/", "", $last );
$first = preg_replace( "/[^a-zA-Z0-9']/", "", $first );
if ($last != $first){
$query = "SELECT * FROM students WHERE LastName LIKE CONCAT('%', ? , '%') AND FirstName LIKE CONCAT('%', ? , '%') ORDER BY LastName, FirstName LIMIT 30" ;
}
else {
$query = "SELECT * FROM students WHERE LastName LIKE CONCAT('%', ? , '%') OR FirstName LIKE CONCAT('%', ? , '%') ORDER BY LastName, FirstName LIMIT 30";
}
if ($nameStmt = $connect->prepare($query)){
$nameStmt->bind_param('ss', $last, $first);
if (!$nameStmt->execute()) {
echo $nameStmt->error;
}
$result = $nameStmt->get_result();
$count = 0;
if (empty($result)){
while ($row = $result->fetch_assoc()){
$count++ ;
if ($count % 2 != 0)
$class="odd";
else
$class="even";
?>
<div class="studentRow <?php echo $class ?>"><?php echo $row["LastName"] . ", " . $row["FirstName"] . " " . $row["MiddleName"] ?> <div><a class="stuPass" id="stuPass_<?php echo $row["id"] ?>" href="scripts/getPass.php?id=<?php echo $row["id"] ?>">Pass</a></div><div><a class="stuDetails" id="stuDetails_ <?php $row["id"] ?>" href="scripts/students/getDetails.php?id=<?php echo $row["id"] ?>">Details</a></div></div>
<div class="stuDetails hidden" id="stuDetailsHolder_<?php echo $row["id"]?>"></div>
<?php
}
}
else {
echo "Results are empty.";
}
}
else {
echo "<br />". $connect->error;
}
}
以下是在数据库中上传数据的代码。我担心我可能隐藏着隐藏的角色,但我想我已将它们全部剥离了。
$fStu = new SplFileObject('../resources/students.txt');
$fStu->seek($count);
list($year,$building,$id,$last,$middle,$first,$gender,$grade,$gradYear) = explode(",",$fStu->current());
if (!empty($year)){
$stuQuery = "INSERT INTO students (LastName, MiddleName, FirstName, StudentId, Gender, Grade, GradYear) VALUES (?,?,?,?,?,?,?)";
$stuStmt = $connect->prepare($stuQuery);
$last = preg_replace( "/[^a-zA-Z0-9']/", "", $last );
$first = preg_replace( "/[^a-zA-Z0-9']/", "", $first );
$middle = preg_replace( "/[^a-zA-Z0-9']/", "", $middle );
$gender = preg_replace( "/\r|\n|\s+/", "", $gender );
$id = intval(preg_replace('/\D/', '', $id));
$gradYear = intval(preg_replace('/\D/','', $gradYear));
$grade = intval(preg_replace('/\D/','', $grade));
$stuStmt->bind_param("sssisss", $last, $middle, $first,$id,$gender,$grade,$gradYear);
$stuStmt->execute();
echo $count . "||" . $last . ", " . $first . " (" . $id . ")";
}
else {
$count = -1;
echo $count . "||Complete.";
}
这是使用查询字符串传递部分名称的主页面。
$(document).ready(function(){
$("#name").on("change paste keyup", function(e){
e.preventDefault();
$.ajax({url: "process/students.php?name=" + $("#name").val(),
success: function(result){
$("#results").removeClass("hidden");
$("#results").html(result);
}
});
});
这是一组上传的数据。
> > Current School Year,Current Building,Student Id,Student Last Name,Student Middle Name,Student First Name,Student Gender,Student
> > Grade,Grad Year 2018,111,11111111111,Doe,Jane,,F,09,2021
> > 2018,111,22222222222,Doe,John,,M,09,2021
答案 0 :(得分:0)
这被标记为PDO。如果你真的使用的是PDO而不是mysqli,那么就不能像你想要的那样在一个语句中绑定多个参数。它们应该单独声明,如果你使用的话?作为占位符,他们需要编号。
如果您使用LIKE,则必须将%符号添加到要绑定的变量的任一侧,您不能在查询中包含它们。
就您的查询方法而言,不是试图将您的用户输入拆分为名字和姓氏,为什么不从数据库中连接名称字段并搜索结果呢?
SELECT * FROM students WHERE CONCAT_WS(' ', FirstName, LastName) LIKE '%whatever%';