好像不工作

时间:2018-01-29 17:08:08

标签: php mysql

我试图做一个非常简单的搜索功能,但不知怎的,我不能让它工作。这是我的HTML:

<form action="" method="POST">
   <div class="row">
      <div class="col-sm-6">
         <input placeholder="Search by name..." type="text" name="field" class="form-control" required="">
      </div>
      <div class="col-sm-3 text-right">
         <input type="submit" name="search" value="Search" class="btn btn-univ">
      </div>
      <div class="col-sm-3">
         <a href="allaccounts.php" class="btn btn-default text-left">Clear Search</a>
      </div>
   </div>
</form>

我的PHP和MySQL代码:

if (isset($_POST['search'])) {
        $field = $_POST['field'];
        $query = mysqli_query($con, "SELECT * FROM pastor WHERE fname OR lname LIKE '%$field%'") or die (mysqli_error($con));
        // I just added this var_dump to check my input. Input is fine.
        var_dump($field);
        if (mysqli_num_rows($query) < 1) {
            echo "<br><center>There are no pastors with this name</center><br>";
        } else {
            while ($row = mysqli_fetch_array($query)) {
                echo "
                    <tr>
                        <td>$row[fname] $row[lname]</td>
                        <td>$row[location]</td>
                        <td>$row[phone]</td>
                        <td>$row[email]</td>
                        <td class='text-center'>$row[district]</td>";
                        // check status
                        if ($row['activated'] == 1) {
                            echo "<td><center style='color: green; font-weight: bold;'>Activated</center></td>";
                        } else if ($row['activated'] == 2) {
                            echo "<td><center style='color: #000240; font-weight: bold;'>Pending with Confirmed Phone<em></em></center></td>";
                        } else if ($row['activated'] == 3) {
                            echo "<td><center style='color: #00037F; font-weight: purple;'>Pending with Unconfirmed Phone</center></td>";
                        } else if ($row['activated'] == 4) {
                            echo "<td><center style='color: #0006E5; font-weight: purple;'>Pending (Account Recently Unblocked)</center></td>";
                        } else if ($row['activated'] == 0 && $row['blocked'] == 1) {
                            echo "<td><center style='color: red; font-weight: bold;'>Blocked</center></td>";
                        }
                echo "
                        <td class='text-center'><a href='allaccounts.php?activateid=$row[id]' data-toggle='tooltip' title='Activate Account'><span class='glyphicon glyphicon-ok-sign'></span></a></td>
                        <td class='text-center'><a href='allaccounts.php?deactivateid=$row[id]' data-toggle='tooltip' title='Deactivate Account'><span class='glyphicon glyphicon-minus-sign'></span></a></td>
                        <td class='text-center'><a href='allaccounts.php?blockid=$row[id]' data-toggle='tooltip' title='Block Account'><span class='glyphicon glyphicon-remove-sign'></span></a></td>
                        <td class='text-center'><a href='allaccounts.php?deleteid=$row[id]' data-toggle='tooltip' title='Delete Account'><span class='glyphicon glyphicon-fire'></span></a></td>
                    </tr>
                ";
            }
        }
    }

我通过var_dump检查了我的输入,我正在搜索的字符串正是我输入的内容。如果您需要,我的fnamelname字段中的数据类型是可变的。

3 个答案:

答案 0 :(得分:5)

您无法使用OR组合搜索的字段,您必须为每个字段设置单独的条件,并将这些字段与OR

组合在一起
WHERE fname LIKE '%$search%' OR lname LIKE '%$search%'

您的病情被解析为:

WHERE fname OR (lname LIKE '%$search%')

由于fname为真,除非它是空的,否则这种情况几乎总是正确的。

顺便说一句,你应该学会使用准备好的查询来防止SQL注入。

答案 1 :(得分:1)

更改您的SQL查询:

SELECT * FROM pastor WHERE fname LIKE '%$field%' OR lname LIKE '%$field%'

答案 2 :(得分:0)

您需要更改第一个contidon的查询

SELECT * FROM pastor WHERE fname LIKE '%field%' OR lname LIKE '%$field%