是否可以使用一列中的多个字段搜索数据?例如,列名称为“作业标题”,在第一个字段中,我键入“HR”,第二个字段I键入“人力资源”。点击搜索按钮后,它将从“职位名称”栏中搜索“人力资源”和“人力资源”。以下是我的代码,
<form action="process/searchprocess.php" method="GET">
<tr>
<th>
<br><br>Job Title<br><input type="text" name="Designation" />
</th>
<th>
<br><br>Business Nature / Company Name<br><input type="text" name="BusinessNature" />
</th>
<th valign="center">
<br><br>Email<select name="Email" >
<option value="" >All</option>
<option value="Yes">Yes</option>
<option value="Nil">No</option>
</select>
</th>
</tr>
这是我的PHP代码,
<?php
session_start();
// Create connection
$conn = new mysqli($servername, $username, $password , $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
set_time_limit(0);
$query1 = $_GET['Designation'];
$query2 = $_GET['BusinessNature'];
$query3 = $_GET['State'];
$query4 = $_GET['Designation2'];
$query5 = $_GET['Designation3'];
$query6 = $_GET['Designation4'];
$query7 = $_GET['Designation5'];
$query8 = $_GET['Designation6'];
$query9 = $_GET['Designation7'];
$query10 = $_GET['Designation8'];
$query11 = $_GET['Designation9'];
$query12 = $_GET['Designation10'];
$query13 = $_GET['BusinessNature2'];
$query14 = $_GET['BusinessNature3'];
$query15 = $_GET['BusinessNature4'];
$query16 = $_GET['BusinessNature5'];
$query17 = $_GET['BusinessNature6'];
$query18 = $_GET['BusinessNature7'];
$query19 = $_GET['BusinessNature8'];
$query20 = $_GET['BusinessNature9'];
$query21 = $_GET['BusinessNature10'];
$Email = $_GET['Email'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
<div id=headerbg>
<div id=headerwrap>
<div id=header>
<div style="margin-right: 100px;">
<BRANDING:DefaultProductLogo>
<div id=logo> <a href="../adminpage.php"> <img style="border: none;" src="http://www.xendmailer.com/emv2/system/data/templates/enhanced_english/media/images/logo.png" width="203" height="21" /></a></div><!--End for id=logo-->
</BRANDING:DefaultProductLogo>
</div>
</div><!--End for id=header-->
</div><!--End for id=headerwrap-->
</div><!--End for id=bg-->
<div id=spacer></div><!--End for id=spacer-->
<div id=contentwrap>
<form action="export.php" method="GET">
<tr>
<th>
<!-- <br><input type="submit" value="Export" align="center" /> -->
<button class="button button">Export</button>
</th>
<th>
<input type="hidden" name="query1" value="<?php echo $query1; ?>">
</th>
<th>
<input type="hidden" name="query2" value="<?php echo $query2; ?>">
</th>
<th>
<input type="hidden" name="query3" value="<?php echo $query3; ?>">
</th>
<th>
<input type="hidden" name="Email" value="<?php echo $Email; ?>">
</th>
</tr>
</form>
<?php
// $query = $_GET['client_name'];
if ( $query1 == null && $query2 == null && $query3 == null && $query4 == null && $query5 == null)
{
// echo "Please at least insert one the value";
echo "<script language = 'Javascript'>";
echo "alert('Please insert at least one value to search!');";
echo "location.href = '../adminpage.php';</script>";
}
else
{
$query1 = htmlspecialchars($query1);
$query2 = htmlspecialchars($query2);
$query3 = htmlspecialchars($query3);
$query4 = htmlspecialchars($query4);
$query5 = htmlspecialchars($query5);
$query6 = htmlspecialchars($query6);
$query7 = htmlspecialchars($query7);
$query8 = htmlspecialchars($query8);
$query9 = htmlspecialchars($query9);
$query10 = htmlspecialchars($query10);
$query11 = htmlspecialchars($query11);
$query12 = htmlspecialchars($query12);
$query13 = htmlspecialchars($query13);
$query14 = htmlspecialchars($query14);
$query15 = htmlspecialchars($query15);
$query16 = htmlspecialchars($query16);
$query17 = htmlspecialchars($query17);
$query18 = htmlspecialchars($query18);
$query19 = htmlspecialchars($query19);
$query20 = htmlspecialchars($query20);
$query21 = htmlspecialchars($query21);
$Email = htmlspecialchars($Email);
// changes characters used in html to their equivalents, for example: < to >
$query1 = mysqli_real_escape_string($conn, $query1);
$query2 = mysqli_real_escape_string($conn, $query2);
$query3 = mysqli_real_escape_string($conn, $query3);
$query4 = mysqli_real_escape_string($conn, $query4);
$query5 = mysqli_real_escape_string($conn, $query5);
$query6 = mysqli_real_escape_string($conn, $query6);
$query7 = mysqli_real_escape_string($conn, $query7);
$query8 = mysqli_real_escape_string($conn, $query8);
$query9 = mysqli_real_escape_string($conn, $query9);
$query10 = mysqli_real_escape_string($conn, $query10);
$query11 = mysqli_real_escape_string($conn, $query11);
$query12 = mysqli_real_escape_string($conn, $query12);
$query13 = mysqli_real_escape_string($conn, $query13);
$query14 = mysqli_real_escape_string($conn, $query14);
$query15 = mysqli_real_escape_string($conn, $query15);
$query16 = mysqli_real_escape_string($conn, $query16);
$query17 = mysqli_real_escape_string($conn, $query17);
$query18 = mysqli_real_escape_string($conn, $query18);
$query19 = mysqli_real_escape_string($conn, $query19);
$query20 = mysqli_real_escape_string($conn, $query20);
$query21 = mysqli_real_escape_string($conn, $query21);
$Email = mysqli_real_escape_string($conn, $Email);
// makes sure nobody uses SQL injection
<?php
// $query = "SELECT * FROM user_info " . $where . " order by ID";
// $raw_results = mysqli_query($conn, $query) or die (mysqli_error());
if ($query1 == 0)
{
$where = "";
$whereConditions = array();
if(strlen($query1) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query1 . "%'";
}
if(strlen($query4) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query4 . "%'";
}
if(strlen($query5) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query5 . "%'";
}
if(strlen($query6) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query6 . "%'";
}
if(strlen($query7) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query7 . "%'";
}
if(strlen($query8) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query8 . "%'";
}
if(strlen($query9) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query9 . "%'";
}
if(strlen($query10) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query10 . "%'";
}
if(strlen($query11) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query11 . "%'";
}
if(strlen($query12) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query12 . "%'";
}
if(count($whereConditions) > 0) {
$where = " (" . implode(" OR ", $whereConditions) . ")";
}
$where2 = "";
$whereConditions2 = array();
if(strlen($query2) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query2 . "%' or Company LIKE '%" . $query2 . "%'";
}
if(strlen($query13) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query13 . "%' or Company LIKE '%" . $query13 . "%'";
}
if(strlen($query14) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query14 . "%' or Company LIKE '%" . $query14 . "%'";
}
if(strlen($query15) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query15 . "%' or Company LIKE '%" . $query15 . "%'";
}
if(strlen($query16) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query16 . "%' or Company LIKE '%" . $query16 . "%'";
}
if(strlen($query17) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query17 . "%' or Company LIKE '%" . $query17 . "%'";
}
if(strlen($query18) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query18 . "%' or Company LIKE '%" . $query18 . "%'";
}
if(strlen($query19) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query19 . "%' or Company LIKE '%" . $query19 . "%'";
}
if(strlen($query20) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query20 . "%' or Company LIKE '%" . $query20 . "%'";
}
if(strlen($query21) > 0) {
$whereConditions2[] = "BusinessNature LIKE '%" . $query21 . "%' or Company LIKE '%" . $query21 . "%'";
}
if(count($whereConditions2) > 0) {
$where2 = " (" . implode(" OR ", $whereConditions2) . ")";
}
$raw_results = mysqli_query($conn, "SELECT * FROM user_info WHERE " . $where . " and " . $where2 . " and (State LIKE '%".$query3."%') and (Email LIKE '%".$Email."%') order by ID") or die (mysqli_error());
if(mysqli_num_rows($raw_results) > null){ // if one or more rows are returned do following
?>
<table width="100%" >
<tr align="center">
<th>ID</th>
<th>Tag</th>
<th>Company</th>
<th>Designation</th>
<th>Email</th>
<th>State</th>
<th>Business Nature</th>
<th>Data code</th>
</tr>
<?php
while($results = mysqli_fetch_array($raw_results)){
?>
<tr align="center" style="margin-left: 100px;">
<td valign="top"><?php echo $results["ID"]; ?></td>
<td valign="middle"><?php echo $results["Tag"]; ?></td>
<td valign="middle"><?php echo $results["Company"]; ?></td>
<td valign="middle"><?php echo $results["Designation"]; ?></td>
<td valign="middle"><?php echo $results["Email"]; ?></td>
<td valign="middle"><?php echo $results["State"]; ?></td>
<td valign="middle"><?php echo $results["BusinessNature"]; ?></td>
<td valign="middle"><?php echo $results["Datacode"]; ?></td>
</tr>
<?php
}
?></table><?php
}
else{ // if there is no matching rows do following
// echo "No results";
echo "<script language = 'Javascript'>";
echo "alert('No Result!');";
echo "location.href = '../adminpage.php';</script>";
}
}
}
?>
</div><!--End for id=contentwrap-->
</body>
</html>
我有1个职位名称文本字段和1个公司文本字段。当我只键入公司文本字段时,它会显示此错误
您的SQL语法有错误;检查手册 对应于您的MariaDB服务器版本,以获得正确的语法 靠近'和(BusinessNature LIKE'%chemical%'或公司LIKE '%化学%')
这意味着职位名称字段是必需的。我能知道这个错误是什么吗?
点击此处,
仅插入一个字段http://spaceforemail.com/1.PNG
结果http://spaceforemail.com/2.PNG
答案 0 :(得分:0)
第一种方法:两个输入字段应具有可区分的名称,否则PHP将无法使用第一个值。
此外,您应该只使用包含某些内容的输入字段,如下所示:
$where = "";
$whereConditions = array();
if(strlen($query1) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query1 . "%'";
}
if(strlen($query2) > 0) {
$whereConditions[] = "Designation LIKE '%" . $query2 . "%'";
}
if(count($whereConditions) > 0) {
$where = "WHERE (" . implode(" OR ", $whereConditions) . ")";
}
$query = "SELECT * FROM user_info " . $where . " order by ID";
$raw_results = mysqli_query($conn, $query) or die (mysqli_error());